Local File Include Vulnerability in Weekly Drawing Contest - exploit.company
Vendor: Weekly Drawing Contest
By:
CVSS: 5.5 (MEDIUM)
CWE: Local File Include
Product Name: Weekly Drawing Contest
Affected Version From: 0.0.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Local File Include Vulnerability in Weekly Drawing Contest

Weekly Drawing Contest is vulnerable to a local file-include (LFI) vulnerability because the value of the 'order' parameter of the 'check_vote.php' script reaches a file-inclusion operation without being sanitized or validated. By supplying a directory-traversal payload in that parameter (for example ../../../../etc/passwd, as in the proof of concept below), an unauthorized remote user can read arbitrary local files that the web server process is permitted to open. The advisory documents file disclosure only; it identifies version 0.0.1 as affected and notes that other versions may also be affected.

Mitigation:

Never pass user-supplied input directly to include/require or to other file-system operations. Treat the 'order' value as a token and map it through an allowlist to a fixed set of permitted files, rejecting any value that is not in the list; merely stripping or blocking '../' sequences is not a reliable fix on its own. As defence in depth, verify that the resolved path lies inside the intended directory, run the web server process with the least privilege it needs, and restrict which paths PHP may open (for example with open_basedir). Since no patch is recorded for this issue, installations that cannot be fixed should remove or block access to check_vote.php.
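The following is an added example, not code from Weekly Drawing Contest or from the advisory (which does not show the application's source). It reconstructs the bug class described above as the simplest PHP that behaves that way, and places the hardened handler the mitigation text calls for beside it. The file names in ALLOWED_ORDERS, the template directory, and the helper function names are assumptions; the 'order' parameter and the ../../../../etc/passwd payload come from the advisory.

```php
<?php
// Added example: illustrative reconstruction of the LFI pattern and its fix.
// Not the actual Weekly Drawing Contest code. ALLOWED_ORDERS, the template
// directory layout and the function names are assumptions.

// --- Vulnerable pattern (do not deploy) -----------------------------------
// The advisory says the 'order' GET parameter reaches a file include with
// no sanitisation. The minimal code with that behaviour:
function vulnerable_check_vote(string $order): void
{
    // 'order=../../../../etc/passwd' resolves to /etc/passwd and its
    // contents are echoed back to the client.
    include $order;
}

// --- Hardened pattern -------------------------------------------------------
// 1. Treat 'order' as a token, never as a path fragment.
// 2. Map the token to a file through an allowlist; anything else is refused.
// 3. Defence in depth: confirm the resolved file still lies under the
//    template directory.
const ALLOWED_ORDERS = [
    'votes' => 'order_by_votes.php',   // assumed file names
    'date'  => 'order_by_date.php',
    'name'  => 'order_by_name.php',
];

function resolve_order_file(string $order, string $base_dir): ?string
{
    if (!isset(ALLOWED_ORDERS[$order])) {
        return null;                              // unknown token: refuse
    }
    $base   = realpath($base_dir);
    $target = realpath($base_dir . DIRECTORY_SEPARATOR . ALLOWED_ORDERS[$order]);
    if ($base === false || $target === false) {
        return null;                              // missing dir or file: refuse
    }
    // Containment check: the resolved path must start with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

function hardened_check_vote(string $order, string $base_dir): void
{
    $file = resolve_order_file($order, $base_dir);
    if ($file === null) {
        http_response_code(400);
        exit('invalid order');
    }
    include $file;
}

// --- Demo with constructed inputs ------------------------------------------
// Build a throwaway template directory so the allowlisted names resolve.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wdc_demo_' . getmypid();
mkdir($tmp);
foreach (ALLOWED_ORDERS as $f) {
    file_put_contents($tmp . DIRECTORY_SEPARATOR . $f, "<?php // sort stub\n");
}

$probes = [
    'votes',                       // legitimate token
    '../../../../etc/passwd',      // payload from the advisory
    'votes/../../etc/passwd',      // traversal hidden behind a valid token
    "votes\0",                     // null-byte variant
    'ORDER_BY_VOTES.PHP',          // direct file name, not a token
];
foreach ($probes as $probe) {
    $verdict = resolve_order_file($probe, $tmp) === null ? 'rejected' : 'allowed';
    printf("%-32s %s\n", var_export($probe, true), $verdict);
}

// Cleanup.
foreach (ALLOWED_ORDERS as $f) {
    unlink($tmp . DIRECTORY_SEPARATOR . $f);
}
rmdir($tmp);
```

Run with `php check_vote_demo.php`: only 'votes' is allowed; every other probe is rejected by the allowlist lookup before any file-system call is made, so realpath never sees attacker-controlled bytes. The containment check is redundant for the allowlist as written, but it protects against a later maintainer adding an entry such as '../shared/x.php' to the table.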
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22937/info

Weekly Drawing Contest is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view local files on the affected webserver.

This issue affects version 0.0.1; other versions may also be affected. 


http://www.example.com/[path]/check_vote.php?order=../../../../etc/passwd