onArcade 2.4.x Local File Get Contents Vulnerability

[1] Description

onArcade is a PHP CMS for video and online game content. Its template file handler does not sufficiently filter the file name it receives before passing it to file_get_contents(), so a crafted template name lets an attacker read files from the server (local file disclosure).

[2] Vulnerable Versions

onArcade 2.4.2
onArcade 2.4.1
onArcade 2.4.0

[3] Bug Track

Because of the special treatment of the .php extension, files ending in .php cannot be read directly.
On PHP versions older than 5.3.4, however, a null byte (%00) appended to the path terminates the string at the C level and "drops" the extension check, so such files can be read as well. PHP 5.3.4 and later reject paths containing NUL bytes, so the bypass does not work there.
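The following is an added example, not onArcade's code or the original advisory's: it reconstructs the pattern described in [1] and [3] as a generic PHP template loader, shows why an extension check alone is insufficient (directory traversal still works, and a NUL byte defeats the check on PHP before 5.3.4), and places a hardened loader beside it. The function names, the template directory layout, the `.tpl` allowlist and the exact form of the `.php` check are assumptions; the fixture files are constructed by the script itself so it runs stand-alone.

```php
<?php
// Added example, NOT onArcade's code. Names, layout and the '.php' check
// are assumptions chosen to illustrate the advisory's description.

// Vulnerable pattern: user input reaches file_get_contents() after only a
// '.php' extension check; traversal is not filtered at all.
function load_template_vulnerable($templateDir, $name)
{
    // "Special treatment for .php": refuse names ending in that extension.
    if (preg_match('/\.php$/i', $name)) {
        return false;
    }
    // No traversal filtering: "../secret.txt" walks out of $templateDir.
    // On PHP older than 5.3.4, "../config.php\0" also passes the regex
    // above (a NUL follows "php", so "$" does not match) and the C-level
    // open() cuts the path at the NUL, so config.php is read. PHP 5.3.4+
    // rejects NUL bytes (PHP 8 throws ValueError), which is caught here.
    try {
        $data = @file_get_contents($templateDir . '/' . $name);
    } catch (\Throwable $e) {
        return false;
    }
    return is_string($data) ? $data : false;
}

// Hardened loader: allowlist the name, then confirm the resolved path is
// still inside the template directory.
function load_template_hardened($templateDir, $name)
{
    $base = realpath($templateDir);
    if ($base === false) {
        return false;
    }
    // One simple name with a fixed extension. \z (not $) so a trailing
    // newline cannot sneak past; a NUL byte can never match this class.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.tpl\z/', $name)) {
        return false;
    }
    // realpath() resolves '..' and symlinks; require the result to stay
    // under $base (prefix check includes the separator).
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    $data = file_get_contents($path);
    return is_string($data) ? $data : false;
}

// Constructed fixture: a templates/ dir plus two files outside it.
$root = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
mkdir("$root/templates", 0700, true);
file_put_contents("$root/templates/header.tpl", "<h1>site</h1>\n");
file_put_contents("$root/secret.txt", "db_password=example\n");
file_put_contents("$root/config.php", "<?php \$db = 'example';\n");

// Constructed probes: a legitimate name, plain traversal, a direct .php
// request, the NUL-byte variant, and traversal to a .php file.
$probes = ['header.tpl', '../secret.txt', 'config.php', "../config.php\0", '../config.php'];
foreach ($probes as $probe) {
    $v = load_template_vulnerable("$root/templates", $probe);
    $h = load_template_hardened("$root/templates", $probe);
    printf("%-20s vulnerable=%-8s hardened=%s\n",
        addcslashes($probe, "\0"),
        $v === false ? 'blocked' : 'read',
        $h === false ? 'blocked' : 'read');
}

// Clean up the fixture.
foreach (["$root/templates/header.tpl", "$root/secret.txt", "$root/config.php"] as $f) {
    @unlink($f);
}
@rmdir("$root/templates");
@rmdir($root);
```

On a current PHP the vulnerable loader still reads `../secret.txt` (traversal needs no extension trick at all) while the NUL-byte probe is rejected by the runtime; on PHP before 5.3.4 the NUL-byte probe would read `config.php` too. The hardened loader refuses every probe except `header.tpl`, and its `realpath()` prefix check is what protects against traversal even if the allowlist were later loosened.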

[4] POC Video


[5] Links

https://packetstormsecurity.com/files/141792/onArcade-2.4.x-Local-File-Disclosure.html

http://0day.today/exploit/description/27410
