# Exploit Title: Pluck 4.7 multiple vulnerabilities
# Google Dork: Powered by pluck
# Date: 05/08/2011
# Author: Bl4k3
# Software Link: http://www.pluck-cms.org/?file=download
# Version: 4.7
# Tested on: Debian
# CVE : /
1-File Inclusion:
include(ALBUMS_DIR.'/'.$_GET['album'].'.php');
Requires:
if (file_exists(ALBUMS_DIR.'/'.$_GET['album'].'.php')) {
function albums_pages_site() {
2-File Inclusion:
include (ALBUMS_DIR.'/'.$album['seoname'].'.php');
foreach ($albums as $album) {
$albums = albums_get_albums();
3-File Disclosure:
echo readfile('../../settings/modules/albums/'.$image);
$image = $_GET['image'];
Requires:
if (file_exists('../../settings/modules/albums/'.$image)) {
And a lot of low-severity vulnerabilities!!
Bl4k3 HardC0de
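
Hardened counterparts of the sinks in items 1 and 3, as an added example (not code from the advisory or from Pluck, and not the project's patch). The helper names, the slug pattern, the extension list and the fallback ALBUMS_DIR value are assumptions, and PHP 7.1 or later is assumed; the same helper would also cover the stored seoname value in item 2.

```php
<?php
// Added example: hypothetical helpers, not Pluck's code or its official fix.
// Constructed fallback so the script runs stand-alone; Pluck defines ALBUMS_DIR itself.
defined('ALBUMS_DIR') || define('ALBUMS_DIR', __DIR__ . '/albums');

// Resolve $relative under $baseDir and refuse anything that escapes it.
function resolve_inside(string $baseDir, string $relative): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that
    // '/srv/albums_evil' does not pass as being inside '/srv/albums'.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Assumption: album names are simple slugs (letters, digits, '-' and '_').
function safe_album_path(string $albumsDir, string $album): ?string
{
    // \A...\z anchors reject '/', '..', NUL bytes and stream wrappers outright.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $album)) {
        return null;
    }
    return resolve_inside($albumsDir, $album . '.php');
}

// Item 1: include only a validated album file that resolves inside ALBUMS_DIR.
$album = isset($_GET['album']) && is_string($_GET['album']) ? $_GET['album'] : '';
$albumFile = safe_album_path(ALBUMS_DIR, $album);
if ($albumFile !== null) {
    include $albumFile;
}

// Item 3: serve only image files that resolve inside the albums settings directory.
$image = isset($_GET['image']) && is_string($_GET['image']) ? $_GET['image'] : '';
$imageFile = resolve_inside('../../settings/modules/albums', $image);
$allowedExt = ['jpg', 'jpeg', 'png', 'gif']; // assumption: album images use these types
$ext = $imageFile === null ? '' : strtolower(pathinfo($imageFile, PATHINFO_EXTENSION));
if ($imageFile !== null && in_array($ext, $allowedExt, true)) {
    readfile($imageFile); // readfile() writes the file itself; no echo needed
} else {
    http_response_code(404);
}
```

The file_exists() checks quoted in the advisory only confirm that the target exists; the containment test against the resolved base directory is what keeps the path inside it.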