SOLIDserver 5.0.4 - Local File Inclusion Vulnerability

ID 1337DAY-ID-24985
Type zdt
Reporter Saeed reza Zamanian
Modified 2016-02-20T00:00:00


Exploit for php platform in category web applications

                                            Title: SOLIDserver <=5.0.4 - Local File Inclusion Vunerability
Author: Saeed reza Zamanian [penetrationtest @ Linkedin]
Product: SOLIDserver
Tested Version: : 5.0.4 and 4.0.2
Vendor: efficient IP
Google Dork: SOLIDserver login
Date: 17 Feb 2016
About Product : 
EfficientIP's IP Address Management (IPAM) solution adapts to business and IT goals and objectives by allowing the creation of specific IPAM and VLANs deployment processes.
SOLIDserver™ IPAM is a unified solution that allows you to design, deploy, and manage the IP addressing plan automatically applying allocation rules and simplifying deployments. 
Vulnerability Details:
Based on a code review done on the product , this product doesn't have any observation on some parameters, that make the attacker able to read file contents.
PoC 1:
PoC 2 : [login authentication required]

# [2016-04-20]  #