CamanJS-master/proxies/caman_proxy.php open proxy
lcashdol opened this issue · comments
Hello All,
caman_proxy.php acts as an unauthenticated open proxy, it can also be used to read local files on a system as long as they end with an image extension like .jpg,.png,.gif,.jpeg
Local Image Files:
http://www.vapidlabs.com/wp-content/plugins/grand-media/assets/image-editor/camanjs/proxies/caman_proxy.php?camanProxyUrl=/tmp/loader.gif
I've also filed a vulnerability report with the authors of the grand media wordpress plugin.
If a user changes the default behavior of requiring a specific extension on line 4 to true
define('ALLOW_NO_EXT', false);
Then caman_proxy.php can be used to read sensitive system files on a local system.
The link is bad....
Ah sorry those were just example proof of concept exploits, this is a better write up:
http://www.vapidlabs.com/advisory.php?v=122
Closing.