File Download 1.3 Remote File Download Exploit

vendor:

File Download 1.3

by:

Aodrulez

7,5

CVSS

HIGH

Remote File Download

434

CWE

Product Name: File Download 1.3

Affected Version From: 1.3

Affected Version To: 1.3

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

File Download 1.3 Remote File Download Exploit

This particular php script,named as 'download.php' can be tricked into allowing a remote attacker to download all kinds of files such as .php,.txt etc etc.This can be achieved by adding a null byte followed by an allowed extension..for eg: http://www.site.com/download.php?f=/path/file.php%00.jpg

Mitigation:

Ensure that the download.php script is not vulnerable to null byte injection attacks.

Source

Exploit-DB raw data:

---------------------------------------------------
"File Download 1.3" Remote File Download Exploit.
---------------------------------------------------
By       :Aodrulez. 
Email    :f3arm3d3ar@gmail.com
Blog	   :aodrulez.blogspot.com.
---------------------------------------------------

Script Name:File Download 1.3
Vendor     :http://www.zubrag.com/scripts/ 

Description:

This particular php script,named as "download.php"
can be tricked into allowing a remote attacker to
download all kinds of files such as .php,.txt etc 
etc.This can be achieved by adding a null byte 
followed by an allowed extension..for eg:

http://www.site.com/download.php?f=/path/file.php%00.jpg

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked()      : My Mentor.
2] The Blue Genius : My Boss.
3] www.OrchidSeven.com.

"If you think C++ is not overly complicated, just what is 
a protected abstract virtual base pure virtual private 
destructor, and when was the last time you needed one?"
-- Tom Cargil.

# milw0rm.com [2009-04-29]