Jemscripts Download Control v1.0

2006.05.25

Credit: luny youfucktard com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2553 | CVE-2006-2552

CWE: N/A

Jemscripts Download Control v1.0

Homepage:

http://www.jemscripts.co.uk

Description:

DownloadControl provides a complete download file management system that is easy to set-up and maintain and yet gives you powerful features for controlling and monitoring your site download files.  You will need to have a Unix, Linux or Windows server with PHP installed.  No database is required.

effected files:

dc.php

Exploit: SQL Injection of dc.php causes a full path disclosure error.

example:

http://www.example.com/dc.php?dcid=80477172'

Warning: file(datinfo36/''/module_data.dat): failed to open stream: No such file or directory in /homepages/examplesite/downloadcontrol/functions.php on line 130

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Jemscripts Download Control v1.0

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.