Hello All,
caman_proxy.php acts as an unauthenticated open proxy, it can also be used to read local files on a system as long as they end with an image extension like .jpg,.png,.gif,.jpeg
If a user changes the default behavior of requiring a specific extension on line 4 to true
define('ALLOW_NO_EXT', false);
Then caman_proxy.php can be used to read sensitive system files on a local system.
Hello All, caman_proxy.php acts as an unauthenticated open proxy, it can also be used to read local files on a system as long as they end with an image extension like .jpg,.png,.gif,.jpeg
Open Proxy: http://www.vapidlabs.com/wp-content/plugins/grand-media/assets/image-editor/camanjs/proxies/caman_proxy.php?camanProxyUrl=http://192.168.0.2/banner3.jpeg
Local Image Files: http://www.vapidlabs.com/wp-content/plugins/grand-media/assets/image-editor/camanjs/proxies/caman_proxy.php?camanProxyUrl=/tmp/loader.gif I've also filed a vulnerability report with the authors of the grand media wordpress plugin.
If a user changes the default behavior of requiring a specific extension on line 4 to true define('ALLOW_NO_EXT', false); Then caman_proxy.php can be used to read sensitive system files on a local system.