Trending

PHP Scripts Mall Image Sharing Script 1.3.4 has directory Traversal-CVE-2019-7431

cve-2019-7431-vikas-chaudhary

*******************************************************************************************
# Exploit Title: PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory.
# Date: 30.12.2018
# Site Title : Image Sharing Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: http://74.124.215.220/~config/demo/stock-free-snap/index.php
# Category: Web Application
# Version: 3.1.4
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested on: Windows 10 -Firefox
# CVE-2019-7431
*****************************************************************************************
Vulnerability Description => A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.
****************************************************************************************

Proof of Concept:-
————————–
1. Go to the site ( http://74.124.215.220/~config/demo/stock-free-snap/index.php ) .
2- Click on Register => and then fill the forms.
3-Goto your mail and Verify it.
4-Come back to site and Login using your Verified Mail and Password.
5-Open Burpsuit and intercept the data.
6-Now Pick any url contains wp-content ex (http://74.124.215.220/~config/demo/stock-free-snap/images/logo.png )
7- Now show response in browser and delete the last portion of url (after last / ) Ex- http://74.124.215.220/~config/demo/stock-free-snap/images/
8- You will get all The file lists
** Also can check it by intruder .**
***************************************************************************************

2 thoughts on “PHP Scripts Mall Image Sharing Script 1.3.4 has directory Traversal-CVE-2019-7431

  1. Pingback: CVE.report
  2. Assignment help Australia offers best assignment help through a team of experienced in-house writers. We deliver the best assignment solutions to help boost the grades and assist students in learning the subject and associated concepts. We aim to provide step-by-step solution to every assignment help problem making it easy for students to grasp the subject.

Comment Please