This exploit demonstrates a Remote File Include (RFI) vulnerability in ispCP Omega <= 1.0.4. The vulnerability allows an attacker to include arbitrary remote files via the `net2ftp_globals[application_skinsdir]` parameter in the filemanager module.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:ispCP Omega <= 1.0.4
No auth needed
Prerequisites:Network access to the target application · PHP remote file inclusion enabled on the server