Vendor: OTManager
By: Colt7r
CVSS: 7.5 HIGH
Remote File Inclusion (RFI)
CWE: 98
Product Name: OTManager
Affected Version From: OTManager 2.4
Affected Version To: OTManager 2.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
OTManager 2.4 Remote File Inclusion (RFI) Vulnerability
A security flaw was discovered in OTManager 2.4 that allows attackers to execute arbitrary code on the vulnerable system. The attacker sends a maliciously crafted URL to the vulnerable server, which causes the application to include the attacker's code. The server then executes that code, allowing the attacker to gain access to the system.
Mitigation:
Ensure that all user-supplied input is properly validated and sanitized before being used in the application. This can be done by using a whitelist of accepted inputs, or by using a regular expression to validate the input.