Written by Garry
Wednesday, 18 March 2009 22:01
Mega File Hosting Script 'cross.php' Remote File Include Vulnerability
Input Validation Error
Mar 17 2009 12:00AM
Mar 18 2009 04:56PM
YABSoft Mega File Hosting Script 1.2
Mega File Hosting Script is prone to a remote file-include vulnerability because it fails to sufficiently
sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other
attacks are also possible.
Mega File Hosting Script 1.2 is vulnerable; other versions may also be affected.
An attacker can exploit this issue via a browser.
The following proof-of-concept URIs are available:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of
more recent information, please mail us at:
--Mega File Hosting Script Homepage