DoSePa 1.0.4 (textview.php) Information Disclosure

vendor:

DoSePa

by:

Craig Heffner

7,5

CVSS

HIGH

Information Disclosure

200

CWE

Product Name: DoSePa

Affected Version From: 1.0.4

Affected Version To: 1.0.4

Patch Exists: YES

Related CWE: N/A

CPE: dosepa

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

DoSePa 1.0.4 (textview.php) Information Disclosure

The textview.php page in DoSePa does not properly sanitize the $_GET['file'] value; this allows an attacker to view any file to which the server has read rights.

Mitigation:

Sanitize the $_GET['file'] value.

Source

Exploit-DB raw data:

#######################################################################################
# Target:
#
#       DoSePa 1.0.4 (textview.php)
#       http://sourceforge.net/project/showfiles.php?group_id=91686
#
# Vulnerability:
#
#       Information disclosure.
#
# Description:
#
#       The textview.php page in DoSePa does not properly sanitize the $_GET['file']
#       value; this allows an attacker to view any file to which the server has
#       read rights.
#
# Vulnerable Code (truncated):
#
#       $file=$_GET['file'];
#       file_get_contents($file);
#
# Exploit:
#
#       http://dosepa.somesite.com/textview.php?file=/etc/passwd
#
# Discovery:
#
#       Craig Heffner
#       heffnercj [at] gmail.com
#       http://www.craigheffner.com
#######################################################################################

# milw0rm.com [2006-11-17]