Nova CMS – Directory Traversal

• Exploit Database
• 10 阅读

• 作者： Red Security TEAM
  日期： 2012-01-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18403/

• # 
  # Title : Nova CMS Directory Travel
  # Author: Red Security TEAM
  # Date: 21/01/2012
  # Download: http://www.nova-cms.com/uploads/files/novacms.zip
  # Tested On : CentOS
  # Dork: Copyright ©2005-2011 by Nova CMS.
  # Contact : Info [ 4t ] RedSecurity [ d0t ] COM
  # Home: http://RedSecurity.COM
  #
  # Exploit :
  # 
  # 1. Register
  # 2. Go to forum and click on "NEW TOPIC"
  # 3. In the above tab in editor click on last picture "Attach File"
  # 4. Start Live HTTP headers
  # 5. Add a new allowed file
  # 6. Find dir=uploads%2Fforum%2Fdata-YourUsername2F&options=true&ajax=true and click on Reply on Live HTTP headers
  # 7. Change to dir=uploads%2F , dir=uploads%2Fbackup%2F
  # 8. You can't back to directory before uploads directory but you can see all directory in uploads example another users files and uploads/backup/ ;):D
  #