File Download 1.3 Remote File Download

2009.05.02
Credit: Aodrulez.
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

---------------------------------------------------
"File Download 1.3" Remote File Download Exploit.
---------------------------------------------------
By    : Aodrulez.
Email : f3arm3d3ar@gmail.com
Blog  : aodrulez.blogspot.com.
---------------------------------------------------

Script Name : File Download 1.3
Vendor      : http://www.zubrag.com/scripts/

Description:
This PHP script, named "download.php", can be tricked into allowing a remote attacker to download all kinds of files, such as .php, .txt, etc. This can be achieved by adding a null byte followed by an allowed extension, e.g.:

http://www.site.com/download.php?f=/path/file.php%00.jpg

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My Mentor.
2] The Blue Genius : My Boss.
3] www.OrchidSeven.com.

"If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor, and when was the last time you needed one?" -- Tom Cargill.
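
A log check for the request pattern described above, added here as an example (it is not part of the original advisory or the vendor's code). It assumes combined-format access logs, and it goes slightly beyond the advisory by also unmasking a double-encoded null byte (%2500); the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; addresses come from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/May/2009:10:01:11 +0000] "GET /download.php?f=/files/photo.jpg HTTP/1.1" 200 48211',
    '203.0.113.9 - - [02/May/2009:10:02:40 +0000] "GET /download.php?f=/path/file.php%00.jpg HTTP/1.1" 200 1873',
    '203.0.113.9 - - [02/May/2009:10:02:58 +0000] "GET /download.php?f=/path/file.php%2500.jpg HTTP/1.1" 200 1873',
    '198.51.100.4 - - [02/May/2009:10:05:02 +0000] "GET /index.php?f=a%00b HTTP/1.1" 200 512',
]

def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded %2500 is unmasked too."""
    data = raw.encode("utf-8")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def null_byte_hits(log_lines):
    """Return (line_no, real_path, decoy_suffix) for download.php requests
    whose 'f' parameter contains a NUL byte after decoding."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/download.php"):
            continue
        for pair in url.query.split("&"):
            name, _, value = pair.partition("=")
            if name != "f":
                continue
            # Text before the NUL is the file actually requested; text after
            # it is the suffix shown to the extension check.
            real, nul, decoy = decode_fully(value).partition(b"\x00")
            if nul:
                hits.append((line_no, real.decode("latin-1"), decoy.decode("latin-1")))
    return hits

if __name__ == "__main__":
    for hit in null_byte_hits(SAMPLE_LOG):
        print("line %d: requested %r, decoy suffix %r" % hit)
```

A 200 response with a body size that does not match any hosted download is a further signal worth correlating with each hit.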

