Vendor: cwmExplorer
By: ajann
CVSS: 5.5 (MEDIUM)
CWE: Source Code Disclosure
Product Name: cwmExplorer
Affected Version From: cwmExplorer 1.0
Affected Version To: cwmExplorer 1.0
Patch Exists: NO
Platforms Tested:
2006

cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability

This vulnerability allows an attacker to disclose the source code of files in the cwmExplorer 1.0 application. The show_file parameter is not properly sanitized before being used in a file inclusion operation: the raw $_GET value is concatenated directly into the file path ($datei). By manipulating the show_file parameter, an attacker can specify the path of any file on the server and view its source code.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input before using it in file inclusion operations. Additionally, access controls can be implemented to restrict access to sensitive files.
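
One way to apply this mitigation to the path construction quoted in the advisory below. This is an added example, not cwmExplorer's own code or a vendor patch; the names resolve_show_file and BASE_DIR, the numeric form of d, and the blocked extension list are assumptions.

```php
<?php
// Added example: hardened replacement for
//   $datei = "dirs/".$d."/".$_GET[show_file];
// BASE_DIR and resolve_show_file() are hypothetical names, not part of cwmExplorer.
const BASE_DIR = __DIR__ . '/dirs';

function resolve_show_file(string $baseDir, $d, $showFile): ?string
{
    // Reject array-valued parameters such as ?show_file[]=x
    if (!is_string($d) || !is_string($showFile)) {
        return null;
    }
    // Assumption: directory ids are short decimal numbers (the advisory uses d=0)
    if (!preg_match('/\A\d{1,6}\z/', $d)) {
        return null;
    }
    // The file name must be a single path component: no separators, no NUL, no dot names
    if ($showFile === '' || $showFile === '.' || $showFile === '..'
        || strpos($showFile, "\0") !== false
        || basename($showFile) !== $showFile) {
        return null;
    }
    // Canonicalise, then confirm the result is still under the base directory.
    // realpath() resolves symlinks, so a link pointing outside dirs/ is also caught.
    $root = realpath($baseDir);
    $real = realpath($baseDir . '/' . $d . '/' . $showFile);
    if ($root === false || $real === false || !is_file($real)) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Assumption: server-side script files are never meant to be shown as text
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (in_array($ext, ['php', 'phtml', 'inc'], true)) {
        return null;
    }
    return $real;
}

$datei = resolve_show_file(BASE_DIR, $_GET['d'] ?? null, $_GET['show_file'] ?? null);
if ($datei === null) {
    http_response_code(404);   // same response for every rejection reason
    exit;
}
echo '<pre>' . htmlspecialchars(file_get_contents($datei), ENT_QUOTES, 'UTF-8') . '</pre>';
```
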

Exploit-DB raw data:

*******************************************************************************************
# Title   :  cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability
# Author  :  ajann
# Contact :  :(

*******************************************************************************************

[[ERROR]]]------------------------------------------------------
....
..
$datei = "dirs/".$d."/".$_GET[show_file];
....
..
[[ERROR]]]---------------------------------------------------------

Example:

//[path]/index.php?d=0&show_file=[file]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-19]