Pagebakery CMS < Local File Disclosure

2017.07.05
ir Shahab Shamsi (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Title : Pagebakery CMS < Local File Disclosure [-] Author : Shahab Shamsi [-] Software Link : https://github.com/Pagebakers/pagebakery.org-cms [-] Version: N/A [-] Tested on : [ Windows ] [-] Category : Webapps [-] Date : 2017 05 July =========== Vulnerable page : =========== /webroot/js/vendors.php ========== Vulnerable Code : ========== Line 38 : readfile('../../vendors/javascript/'.$file); Line 33 : $file = $_GET['file']; ========== POC URL: ========== http://localhost:8080/pagebakery-cms/webroot/js/vendors.php?file=[LFD] ========= Contact Me : Telegram : @Shahab_Shamsi Email : info@securityman.org WebSilte : WwW.iran123.Org


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top