Vendor: DDL-Speed Script
By: sys-flaw
CVSS: N/A
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: DDL-Speed Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

DDL-Speed Script RFI Vulnerabilities

The DDL-Speed Script is vulnerable to Remote File Inclusion (RFI). An attacker can exploit it by supplying a malicious URL to the vulnerable parameter of the log.php, index.php, and acp.php files under acp/backup/, which can allow arbitrary code execution on the affected system.

Mitigation:

The best way to mitigate RFI attacks is to ensure that user input is properly sanitized and validated. Additionally, the web application should be configured to only allow access to files that are necessary for the application to function.
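
Detection logic for the requests described above, added here as an example and not part of the original advisory: it flags access-log lines that reach one of the three acp/backup scripts with a query parameter whose value is a remote URL. The advisory does not name the vulnerable parameter, so every parameter is checked; the parameter name `p`, the hosts and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script paths named in the advisory; the install prefix ([PATH]) varies per site.
VULN_SCRIPTS = re.compile(r"/acp/backup/(?:log|index|acp)\.php$", re.IGNORECASE)
# A parameter value that is itself a remote URL is the RFI indicator.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (double-encoding evasion)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return names of query parameters carrying a remote URL when the request
    targets one of the advisory's scripts; otherwise return an empty list."""
    parts = urlsplit(target)
    if not VULN_SCRIPTS.search(decode_fully(parts.path)):
        return []
    return [name for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if REMOTE_VALUE.match(decode_fully(value))]

def scan(lines):
    """Yield (line_number, target, parameter_names) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            names = suspicious_params(match.group(1))
            if names:
                yield number, match.group(1), names

# Constructed sample log lines (documentation addresses, hypothetical parameter "p").
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2009:10:00:00 +0000] "GET /ddl/acp/backup/log.php?p=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2009:10:00:05 +0000] "GET /ddl/acp/backup/acp.php?p=hTTp%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2009:10:01:00 +0000] "GET /ddl/acp/backup/index.php?p=settings HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2009:10:02:00 +0000] "GET /ddl/index.php?section=post_upload&ref=http://example.invalid/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, target, names in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> parameters {names}")
```

A hit on these paths is worth reviewing even when the response code is an error, since the scripts sit in an administrative backup directory that ordinary visitors have no reason to request.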

Exploit-DB raw data:

########################################################################################################################
#DDL-Speed Script RFI Vulnerabilities											
#=======================================================================================================================
#                                                                     							
#Critical Level : Dangerous                                           							
#                                                                     							
#Vendor site : http://ddl-speed.org/  ( Will be back soon)  								
#															
#Download : http://scriptmafia.org/cms/1766-ddl-speed.org-script-vom-30.03.2008.html					
#															
#=======================================================================================================================
#															
#DORK : "index.php?section=post_upload"                                       						
#                                                       								
#															
#															
#Exploit :														
#--------------------------------											
#															
#www.[URL]/[PATH]/acp/backup/log.php	
#www.[URL]/[PATH]/acp/backup/index.php
#www.[URL]/[PATH]/acp/backup/acp.php										
#															
#=======================================================================================================================
#Discovered by : #sys-flaw ( Quakenet)											
#															
#Contact : tmh[at]sys-flaw.com	/ admin[at]sys-flaw.com									
#															
#Greetz to :n00bor , Five-Three-Nine , J0hn.X3r , electron1x , PurpleD1amond , Sebo , Z1uX , meckl , Floo , -Patrick_B ,
#abcdef ,Loader007 , bizzit , Barbers , dev0815 , f0Gx , h0yt3r , Nemo , e-shock , Sys-Flaw , Codesoft ,Free-Hack 	
#	      														
#															
########################################################################################################################

# milw0rm.com [2009-01-01]