Created
March 31, 2018 02:08
# Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS
# Date: 2014-01-24
# Exploit Author: Balazs Makany
# Vendor Homepage: www.pchart.net
# Software Link: www.pchart.net/download
# Google Dork: intitle:"pChart 2.x - examples" intext:"2.1.3"
# Version: 2.1.3
# Tested on: N/A (Web Application. Tested on FreeBSD and Apache)
# CVE : N/A

[0] Summary:
PHP library pChart 2.1.3 (and possibly previous versions) by default
contains an examples folder, where the application is vulnerable to
Directory Traversal and Cross-Site Scripting (XSS).

It is plausible that custom built production code contains similar
problems if the usage of the library was copied from the examples.

The exploit author engaged the vendor before publicly disclosing the
vulnerability and consequently the vendor released an official fix
before the vulnerability was published.

[1] Directory Traversal:
"hxxp://localhost/examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd"

The traversal is executed with the web server's privilege and leads to
sensitive file disclosure (passwd, siteconf.inc.php or similar),
access to source code, hardcoded passwords or other high impact
consequences, depending on the web server's configuration.

This problem may exist in the production code if the example code was
copied into the production environment.
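
A log check for the request shape shown in [1], as an added example that is not part of the original advisory: it scans web server access logs for Action=View requests to examples/index.php whose Script value resolves outside the directory it is joined to. The log lines, the file name example.sample.php and all function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Jan/2014:10:00:01 +0000] "GET /examples/index.php?Action=View&Script=example.sample.php HTTP/1.1" 200 5120
192.0.2.44 - - [24/Jan/2014:10:00:07 +0000] "GET /examples/index.php?Action=View&Script=%2f..%2f..%2fetc/passwd HTTP/1.1" 200 1843
192.0.2.10 - - [24/Jan/2014:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 300
"""

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(script):
    """True if the Script value resolves outside the directory it is joined to."""
    path = fully_decode(script).replace("\\", "/")
    # Join onto a fictitious base, as a naive file read of the parameter would.
    resolved = posixpath.normpath(posixpath.join("/base", path.lstrip("/")))
    return not (resolved == "/base" or resolved.startswith("/base/"))

def find_traversal_requests(log_text):
    """Return (client_ip, decoded_script) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith("/examples/index.php") or params.get("Action") != ["View"]:
            continue
        for script in params.get("Script", []):
            if escapes_base(script):
                hits.append((line.split()[0], fully_decode(script)))
    return hits

if __name__ == "__main__":
    for client, script in find_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {client}: Script={script}")
```

Only query-string parameters appear in access logs, so requests that carry Script in a POST body need inspection at the application or WAF layer instead.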