Exploit Digital Hive 2.0 - 'base_include.php' Local File Inclusion

[Exploiter]

EDB-ID

31804

Проверка EDB

1. Пройдено

Автор

ZORLU

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-2415

Дата публикации

2008-05-16

source: https://www.securityfocus.com/bid/29255/info

Digital Hive is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.

Digital Hive 2.0 RC2 is vulnerable; other versions may also be affected. 

http://www.example.com/hive_v2.0_RC2/template/purpletech/base_include.php?page=../../etc/passwd