SOLIDserver 5.0.4 - Local File Inclusion

Type exploitpack
Reporter Saeed reza Zamanian
Modified 2016-02-20T00:00:00


SOLIDserver 5.0.4 - Local File Inclusion

                                            Title: SOLIDserver <=5.0.4 - Local File Inclusion Vunerability
Author: Saeed reza Zamanian [penetrationtest @ Linkedin]

Product: SOLIDserver
Tested Version: : 5.0.4 and 4.0.2
Vendor: efficient IP
Google Dork: SOLIDserver login
Date: 17 Feb 2016


About Product : 
EfficientIP's IP Address Management (IPAM) solution adapts to business and IT goals and objectives by allowing the creation of specific IPAM and VLANs deployment processes.
SOLIDserver™ IPAM is a unified solution that allows you to design, deploy, and manage the IP addressing plan automatically applying allocation rules and simplifying deployments. 

Vulnerability Details:
Based on a code review done on the product , this product doesn't have any observation on some parameters, that make the attacker able to read file contents.

PoC 1:

PoC 2 : [login authentication required]