CVE-2008-0357
Published 2008-01-18
CVE-2008-0357: Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute…
Priority P4 · 30 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.35% (81.6th percentile)
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| galaxyscripts | mini_file_host | <= 1.2.1 | — |
No detection rules found.
Exploit-DB
Mini File Host 1.2.1 - 'language' Local File Inclusion
exploitdb·2008-01-20
---
```perl
#!/usr/bin/perl
# Name: Mini File Host (1.2.1 "Security Fixed release" and earlier)
# Vulnerability type: Local File Inclusion through POST requests (pages/upload.php)
# Authors:
# Scary-Boys: original GET-vulnerability, 2008-01-17
# shinmai: POST-request vulnerability in latest version
# perl POC, 2008-01-19
######################################################################################
# Description:
# The same language=LFI vulnerability found in 1.2 is present in the latest version
# POST has to be used to exploit instead of GET.
#
# This POC is to be used as follows:
# perl mfh121.pl -f FILENAME.PHP -h HOSTNAME -e PATH TO MFH
#
# FILENAME.PHP is uploaded to the target script, and then executed through LFI with
# a PO
```
Exploit-DB
Mini File Host 1.2 - 'language' Local File Inclusion
exploitdb·2008-01-17
---
```
#########################################################################
# Mini File Host <= 1.2 Local File Inclusion Vulnerability #
#########################################################################
AUTHOR : Scary-Boys #
HOME : http://scary-boys.com #
Download : http://galaxyscripts.com/forum/downloads.php?do=file&id=1 #
#########################################################################
DorKs : "Powered By Mini File Host V1.2" #
#########################################################################
## EXPLOIT : #
http://server.com/Path/pages/upload.php?language=[-LFI-] #
#########################################################################
## GREETZ : S.W.A.T. My Best Friend For Founding This Vuln & Helped M
```
No writeups or analysis indexed.
http://secunia.com/advisories/28504
http://www.securityfocus.com/bid/27327
https://exchange.xforce.ibmcloud.com/vulnerabilities/39799
https://www.exploit-db.com/exploits/4930
Published: 2008-01-18