vendor: Iphone Pointter Social Network
by: Sid3^effects aKa HaRi
CVSS: 7.5 (HIGH)
LFI Vulnerability
CWE: N/A
Product Name: Iphone Pointter Social Network
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
Iphone pointter Social network LFI Vulnerability
Apple Iphone Pointter is a PHP-based social network platform that lets you create a social network on your website. Out of the box, it offers nearly all of the features found on today's popular social networks.
The application is vulnerable to local file inclusion (LFI) through the 'pid' parameter. An attacker can exploit this by sending a crafted request to the vulnerable application with malicious input in 'pid', which can lead to the disclosure of sensitive information from the server.
Mitigation:
Input validation should be performed to ensure that user-supplied data is not used to access unauthorized resources.