SolarPay Index.PHP Local File Include Vulnerability
BID:22722
Info
| Bugtraq ID: | 22722 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-7099 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 26 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Hasadya Raed discovered this issue. |
| Vulnerable: | SolarPay SolarPay 0 |
| Not Vulnerable: | |
Discussion
SolarPay is prone to a local file-include vulnerability because index.php fails to properly sanitize user-supplied input passed in the 'read' parameter.
Successfully exploiting this issue allows attackers to gain access to files located in directories they do not have permissions to access. Information that attackers harvest may aid them in further attacks.
Exploit / POC
Attackers can exploit this vulnerability with a standard browser.
An example URI has been provided:
http://www.example.com/index.php?read=../admin/a_searchu.php
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
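With no vendor patch listed, one defensive measure is to review web server access logs for requests shaped like the example URI above. The following Python is an added example, not part of the original advisory or of SolarPay's code; the Apache-style log format, the sample entries and the file name news.php are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside an access-log entry, e.g. "GET /index.php?read=x HTTP/1.1"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed entries for illustration, not real traffic
    '192.0.2.10 - - [26/Feb/2007:10:00:01 +0000] "GET /index.php?read=news.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [26/Feb/2007:10:00:05 +0000] "GET /index.php?read=../admin/a_searchu.php HTTP/1.1" 200 2048',
    '192.0.2.11 - - [26/Feb/2007:10:00:09 +0000] "GET /index.php?read=%2e%2e%2fadmin%2fa_searchu.php HTTP/1.1" 200 2048',
    '192.0.2.12 - - [26/Feb/2007:10:00:12 +0000] "GET /about.php?read=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Undo percent-encoding, repeating (bounded) in case it was applied more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_read_value(raw):
    """Return a reason string if the value points outside the intended directory."""
    value = fully_decode(raw).replace("\\", "/")
    if "\x00" in value:
        return "null byte"
    if value.startswith("/") or re.match(r"^[A-Za-z]:", value):
        return "absolute path"
    if ".." in value.split("/"):
        return "parent-directory segment"
    return None

def scan(log_lines, script="index.php", param="read"):
    """Yield (line_number, decoded_value, reason) for flagged requests to the script."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + script):
            continue
        # Split the query by hand so the raw, still-encoded value is inspected.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if unquote(name) == param:
                reason = suspicious_read_value(raw)
                if reason:
                    yield number, fully_decode(raw), reason
```

Calling list(scan(SAMPLE_LOG)) flags entries 2 and 3 and ignores the benign request and the request to a different script.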