Vendor: YAP
By: Alkindiii
CVSS: 7.5 (HIGH)
Vulnerability Type: Local File Inclusion
CWE: 98
Product Name: YAP
Affected Version From: 1.1
Affected Version To: 1.1.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:yap:yap:1.1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

YAP v1.1.1 Local File Inclusion Vulnerability

YAP v1.1.1 is vulnerable to local file inclusion. An attacker can exploit it by sending the vulnerable server an HTTP request with a crafted value in the 'page' URL parameter. This can allow the attacker to read arbitrary files from the server, such as configuration files and source code. A malicious URL would look like http://www.site.com/index.php?page=[LFI]%00

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file path. Additionally, ensure that the web server is configured to deny access to files outside of the web root directory.
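
One way to apply the input validation described above, as an added example that is not YAP's own code. The pages/ directory, the resolve_page() helper, the 'home' default and the shape of the vulnerable include are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not YAP's actual source.
// Assumed layout: page templates live in ./pages/ as <name>.php.

const PAGES_DIR = __DIR__ . '/pages';

/**
 * Resolve a user-supplied page name to a file inside $baseDir.
 * Returns the canonical path, or null if the name is not acceptable.
 */
function resolve_page(string $name, string $baseDir = PAGES_DIR): ?string
{
    // 1. Strict character allowlist. This rejects "/", "\", ".", "%" and NUL,
    //    so traversal sequences and a trailing %00 never reach the filesystem.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    // 2. Canonicalise, then confirm the result is still under the base
    //    directory (covers symlinks placed inside pages/).
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or requested page does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the pages directory
    }
    return $path;
}

// Vulnerable pattern this replaces (assumed shape, shown for contrast only):
//     include $_GET['page'] . '.php';

// Only accept a scalar string; ?page[]=x would otherwise arrive as an array.
$requested = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';

$file = resolve_page($requested);
if ($file === null) {
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

For the second point, PHP's open_basedir directive can restrict the files the interpreter may open to the application directory, which limits the impact if a validation check is missed.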

Exploit-DB raw data:

#########################################################
#	YAP v1.1.1 Local File Inclusion Vulnerability	#
#########################################################


# AUTHOR			: Alkindiii
# CONTACT			: Alkindiii [4T] islamway {D0T} net
# HOME				: http://www.soqor.net


# Script			: YAP
# Version			: 1.1.1
# Download v1.1			: http://wildmary.net-sauvage.com/share/yap1.1.tar.gz
# Update to v1.1.1		: http://wildmary.net-sauvage.com/share/yap-patch1.1.1.zip


# EXPLOIT			: http://www.site.com/index.php?page=[LFI]%00


# GREETZ			: HACKERS PAL, Dr.Cr@ck, All soqor.net members, All Moroccan Hackers.

# milw0rm.com [2009-03-13]