PHPSYSINFO 3.1.12 Local File Disclosure Vulnerability

ID 1337DAY-ID-24888
Type zdt
Reporter Paulos Yibelo
Modified 2016-02-02T00:00:00


PHPSYSINFO versions 3.1.12 and below suffer from a local file disclosure vulnerability.

                                            In \apps\phpsysinfo3.1.12/language/language.php

60: echo file_get_contents(APP_ROOT . '/language/' . $lang . '.xml');

is presented where $lang is defined as:

52: $lang = basename($_GET['lang']);

Which can be exploited like


which can be extended with nullbytes to contain any other file that isn't
XML too.

# [2016-04-19]  #