Mini File Host - exploit.company

vendor:

Mini File Host

by:

Scary-Boys

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Mini File Host

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:galaxyscripts:mini_file_host:1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Mini File Host <= 1.2 Local File Inclusion Vulnerability

A vulnerability exists in Mini File Host version 1.2 which allows an attacker to include local files on the server. This is done by manipulating the 'language' parameter in the 'upload.php' script. An attacker can exploit this vulnerability to include arbitrary files from the server, such as configuration files containing database credentials, or even to execute arbitrary code.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Mini File Host.

Source

Exploit-DB raw data:

#########################################################################
#         Mini File Host <= 1.2 Local File Inclusion Vulnerability      #
#########################################################################
AUTHOR     : Scary-Boys							#
HOME       : http://scary-boys.com					#
Download   : http://galaxyscripts.com/forum/downloads.php?do=file&id=1 	#
#########################################################################
DorKs      : "Powered By Mini File Host V1.2"         			#
#########################################################################
## EXPLOIT :                                          			#
http://server.com/Path/pages/upload.php?language=[-LFI-] 		#
#########################################################################
## GREETZ  : S.W.A.T. My Best Friend For Founding This Vuln & Helped Me #
#########################################################################

http://www.galaxyscripts.com/demo/mfh12/

# milw0rm.com [2008-01-17]