PHP Scripts Mall Medical Store Script 3.0.3 has Path Traversal:[CVE-2019-9607]




Vulnerability Description => The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.




< < < How to Exploit > > >





1. Go to Medical Store Script site ( http://phpecommercescript.com/demo/medicalshop/)
⇓ ⇓ ⇓ ⇓




2. Open Burpsuit then intercept and spider the data.
⇓ ⇓ ⇓ ⇓




3. Now use the burp search option and search jpg or png
⇓ ⇓ ⇓ ⇓




4. Now pick any link and select show response in the browser
⇓ ⇓ ⇓ ⇓




5. Then delete the last part of URL [after last forward slash] (http://phpecommercescript.com/demo/medicalshop/wp-content/uploads/2016/10/about-cont-1170×400.jpg)
⇓ ⇓ ⇓ ⇓




6. You will get all The file lists (Directory listing)
⇓ ⇓ ⇓ ⇓




*** Also can check it by copy any picture URL and remove last part. ***

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

Create your website at WordPress.com
Get started
%d bloggers like this: