Exploit OZJournals 2.1.1 - 'id' File Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4953
Проверка EDB
  1. Пройдено
Автор
SHINMAI
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-0435
Дата публикации
2008-01-21
Код:
# Name: OZJournals 2.1.1
# Webiste: http://www.aqonlinenetworks.com/
# Vulnerability type: Local File Exposure
# Author:
#         shinmai, 2008-01-21
######################################################################################
# Description:
#
# OZJournals uses .php-files as it's storage, and posts are read from them with the
# getcontents-function. This protects from traditional LFI-exploits, but the print
# -functionality, for instance, takes an id as a value, and allows an attacker to get
# the contents of files other than intended. Before printing the php-file is
# explode()d with "\t", but seeing as many scripts have tabs in their configuration
# files, an attacker could, with some luck, fish out database credentials or other
# sensitive data.
#
# This is a VERY low risk vulnerability, but can potentially provide additional
# reconnaissance data for an attacker.
#
# Example;

http://localhost/ozjournals/?show=printpreview&id=../config

#
# Vulnerable code:

$pfile = file_get_contents("$datadirectory/$id.php");

#
# Again as I said, this is a very low risk vulnerability, but I see no reason for
# AQOnline Networks not to fix it, even after having been notified about it numerous
# times.
#
# Good luck and be safe.
# In memoriam Anna-Emilia...
#

# milw0rm.com [2008-01-21]
 
Источник
www.exploit-db.com

Похожие темы