Twenty Year Anniversary

DuckieTV CMS 1.1.5 Local File Inclusion

DuckieTV CMS 1.1.5 Local File Inclusion
Posted Oct 13, 2017
Authored by M.R.S.L.Y

DuckieTV CMS version 1.1.5 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2016-4314
MD5 | 0f7c3ac190d24812bb19d4a0af0f7e8a

DuckieTV CMS 1.1.5 Local File Inclusion

Change Mirror Download
 ___________________________________________________
|
| Exploit Title: DuckieTV CMS Local File Inclusion
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage: http://schizoduckie.github.io/DuckieTV/
| Software Link:
https://github.com/SchizoDuckie/DuckieTV/archive/angular.zip
| Version: DuckieTV 1.1.5
| Date: 2017-10-14
| Category: webapps
| Tested on: Kali-Linux /FireFox
| CVE : CVE-2016-4314
|__________________________________________________

Vulnerable File :

$cache = strtolower(preg_replace('/[^a-zA-Z0-9]/', '',
$_GET['url'])).'.json';

// if there's a cached version of this request in fixtures, serve it.
if(file_exists(dirname(__FILE__).'/fixtures/'.$cache)) {
$out =
json_decode(file_get_contents(dirname(__FILE__).'/fixtures/'.$cache),true);
$out['headers']['Content-Length'] = strlen($out['content']);
unset($out['headers']['Transfer-Encoding']);
unset($out['headers']['Cookie']);
foreach($out['headers'] as $key=>$val) {
header("{$key}: {$val}");
}
header('Proxy-Cache-hit: '.$cache);
die($out['content']);
} else {
header('Proxy-Cache-miss: '.$cache);
}

Proof of Concept :

http://127.0.0.1/7/DuckieTV-angular/tests/proxy.php?url=[LFI]

__________________________________________________

Discovered By : M.R.S.L.Y
__________________________________________________

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    1 Files
  • 18
    Nov 18th
    1 Files
  • 19
    Nov 19th
    3 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close