header-logo
Suggest Exploit
vendor:
OZJournals
by:
shinmai
CVSS
LOW
Local File Exposure
200
CWE
Product Name: OZJournals
Affected Version From: 2.1.2001
Affected Version To: 2.1.2001
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

OZJournals 2.1.1

OZJournals uses .php-files as it's storage, and posts are read from them with the getcontents-function. This protects from traditional LFI-exploits, but the print -functionality, for instance, takes an id as a value, and allows an attacker to get the contents of files other than intended. Before printing the php-file is explode()d with "t", but seeing as many scripts have tabs in their configuration files, an attacker could, with some luck, fish out database credentials or other sensitive data.

Mitigation:

Ensure that the application is not vulnerable to local file inclusion attacks.
Source

Exploit-DB raw data:

# Name: OZJournals 2.1.1
# Webiste: http://www.aqonlinenetworks.com/
# Vulnerability type: Local File Exposure
# Author:
#         shinmai, 2008-01-21
######################################################################################
# Description:
#
# OZJournals uses .php-files as it's storage, and posts are read from them with the
# getcontents-function. This protects from traditional LFI-exploits, but the print
# -functionality, for instance, takes an id as a value, and allows an attacker to get
# the contents of files other than intended. Before printing the php-file is
# explode()d with "\t", but seeing as many scripts have tabs in their configuration
# files, an attacker could, with some luck, fish out database credentials or other
# sensitive data.
#
# This is a VERY low risk vulnerability, but can potentially provide additional
# reconnaissance data for an attacker.
#
# Example;

http://localhost/ozjournals/?show=printpreview&id=../config

#
# Vulnerable code:

$pfile = file_get_contents("$datadirectory/$id.php");

#
# Again as I said, this is a very low risk vulnerability, but I see no reason for
# AQOnline Networks not to fix it, even after having been notified about it numerous
# times.
#
# Good luck and be safe.
# In memoriam Anna-Emilia...
#

# milw0rm.com [2008-01-21]

Navigation

Suggest Exploit

Services By CQR