phpDatingClub Local File Include Vulnerability

vendor:

phpDatingClub

by:

Big Ben

7.5

CVSS

HIGH

Local File Include

CWE

Product Name: phpDatingClub

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

phpDatingClub Local File Include Vulnerability

A vulnerability exists in phpDatingClub which allows an attacker to include a file from the local system. The vulnerability is due to the website.php script not properly sanitizing user-supplied input to the 'page' parameter. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary files from the local system, resulting in the disclosure of sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

#########################################################
#
#     phpDatingClub Local File Include Vulnerability
#========================================================
#                            =
#    Author: Big Ben                                    =
#                                                       =
#========================================================
#
#    script :  http://www.w2b.ru/download/phpDatingClub.zip
#
#    DorK   :   Powered by phpDatingClub
#     
##########################################################
#
# Exploit:
#
# www.[target].com/Script/website.php?page=[LFI]
#
##########################################################

# milw0rm.com [2008-07-10]