Vendor: justVisual 2.0
By: eidelweiss
CVSS: 6.4 (MEDIUM)
Vulnerability class: Local File Inclusion (LFI)
CWE: 98 (Improper Control of Filename for Include/Require Statement in PHP Program)
Product Name: justVisual 2.0
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: justVisual
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

justVisual 2.0 (index.php) Local File Vulnerability

justVisual 2.0 is vulnerable to Local File Inclusion (LFI). The 'p' parameter of 'index.php' is read from the query string and used with no validation beyond a single str_replace() that strips the literal string '.php'; directory traversal sequences and other path characters pass through untouched. An attacker can use this to include arbitrary local files from the web server, and because the file is pulled in by the PHP interpreter, any PHP code those files contain is executed.

Mitigation:

Validate the 'p' parameter against an allowlist of known page names (or, at minimum, a strict pattern such as ^[a-z0-9_-]+$) and fall back to a default page for anything else. Stripping '.php' with a single str_replace() is not a sanitizer: it removes the extension only once and leaves '../' intact. As defence in depth, resolve the final path with realpath() and confirm it lies inside the intended pages directory before including it, so that even a validation slip cannot reach files elsewhere on the server.
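The weak filter from the advisory beside a hardened version, as an added example that is not justVisual's own code. weak_page_name() mirrors the str_replace() call quoted below; the "pages/" directory, the allowlist contents and the include at the end are assumptions about how the page name is used, made only to show the pattern. The sample inputs are constructed, written as PHP would already see them in $_GET (URL-decoded), and include the NUL-byte case that truncated an appended '.php' on the PHP 5.2 builds common in 2009 (fixed in PHP 5.3.4).

```php
<?php
// Added example, not justVisual's code. weak_page_name() mirrors the
// str_replace() filter quoted in the advisory; the "pages/" directory,
// the allowlist contents and the include() at the end are assumptions
// about how the page name is used, made to show the hardened pattern.

// The advisory's filter: strip the literal ".php" once, pass the rest through.
function weak_page_name(string $p): string
{
    return str_replace('.php', '', $p);
}

// Hardened: shape check, then an explicit allowlist of page names.
const ALLOWED_PAGES = ['home', 'gallery', 'about', 'contact']; // assumed names

function safe_page_name(?string $p, string $default = 'home'): string
{
    if ($p === null || $p === '') {
        return $default;
    }
    // \z rather than $ so a trailing newline cannot slip past the anchor.
    if (!preg_match('/^[a-z0-9_-]{1,32}\z/', $p)) {
        return $default;
    }
    return in_array($p, ALLOWED_PAGES, true) ? $p : $default;
}

// Defence in depth at the include itself: resolve the path and require it
// to stay inside the pages directory. Returns null if it does not.
function resolve_page_file(string $pagesDir, string $name): ?string
{
    $base = realpath($pagesDir);
    $file = realpath($pagesDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $file === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// Constructed inputs, as PHP would see them in $_GET['p'] (already URL-decoded).
$samples = [
    'gallery',                    // legitimate page name
    '../../../../etc/passwd',     // traversal is untouched by the weak filter
    "../../../../etc/passwd\0",   // NUL byte truncated an appended '.php' on PHP < 5.3.4
    'about.p.phphp',              // str_replace() is single-pass, so this still ends in '.php'
];

foreach ($samples as $s) {
    printf("%-36s weak=%-32s safe=%s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        json_encode(weak_page_name($s), JSON_UNESCAPED_SLASHES),
        safe_page_name($s));
}

// How the hardened pieces fit together ($pagesDir location is assumed):
$page = safe_page_name($_GET['p'] ?? null);
$file = resolve_page_file(__DIR__ . '/pages', $page);
if ($file !== null) {
    include $file;
}
```

Run with the CLI (php example.php) to see the table: the weak filter returns every traversal payload unchanged, while safe_page_name() collapses all of them to the default page. The allowlist is the real control; the realpath() prefix check is there so that a future change to the allowlist (or a name that contains a path separator on some platform) still cannot escape the pages directory.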

Exploit-DB raw data:

#########################################################################
	justVisual 2.0 (index.php) <= LFI Vulnerability
#########################################################################

[+]Title:	justVisual 2.0 (index.php) Local File Vulnerability
[+]Version:	2.0
[+]License:	http://www.gnu.org/copyleft/gpl.html
[+]Download:	http://fh54.de/justVisual/packages/justVisual2.zip
[+]Risk:	Medium
[+]Local:	Yes
[-]Remote:	No

###########################################################
[!]Author:  eidelweiss
[!]Contact: eidelweiss[at]cyberservices[dot]com
[!]Thank`s: sp3x (securityreason) - JosS (hack0wn) - r0073r & 0x1D (inj3ct0r)
[!]Special: [D]eal [C]yber - syabilla_putri (miss u) & all my friends
###########################################################

-=[ VULN CODE ]=-

	// index.php: the page name defaults to the script's own basename
	$selfname=basename($_SERVER['PHP_SELF'],'.php'); 
	if(isset($_GET['p']) && !empty($_GET['p'])) {
		// the basename() call that would have dropped directory components is commented out:
		//$selfname=basename($_GET['p'],'.php');
		// only the literal '.php' is removed, once; '../' and other path characters pass through untouched
		$selfname=str_replace('.php','',$_GET['p']);
	} // excerpt ends here; $selfname is later used to include the page file (not shown)


-=[ P0C ]=-

	Http://127.0.0.1/index.php?p=[LFI]

###############################=[E0F]=###################################