Vendor: SQL-PHP and Hot Links Pro
By: SecurityFocus
CVSS: 7.5 (HIGH)
Information Disclosure (CWE-200)
Product Name: SQL-PHP and Hot Links Pro
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Hot Links Information Disclosure Vulnerability

Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests. An attacker can exploit this issue to retrieve administrative backup files. Information obtained may aid in further attacks.

Mitigation:

Ensure that authentication is enforced for all download requests.
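
One way to apply this mitigation to a download endpoint such as the `dlback.php?dl=...` request this entry lists. This is an added example, not Hot Links code: the session key `is_admin`, the `BACKUP_DIR` path, and the file name mapped to `fullback` are assumptions.

```php
<?php
// Added example: hypothetical hardened download handler, not the vendor's code.
// Assumptions: the admin login sets $_SESSION['is_admin'] = true, and backups
// are stored outside the web root under BACKUP_DIR.
declare(strict_types=1);

const BACKUP_DIR = '/var/backups/hotlinks';      // assumed path, outside web root
const ALLOWED = ['fullback' => 'fullback.sql'];  // assumed map: dl value => file

// Send an error response that is never cached, then stop.
function deny(int $code, string $msg): void {
    http_response_code($code);
    header('Content-Type: text/plain; charset=utf-8');
    header('Cache-Control: no-store');
    echo $msg;
    exit;
}

session_start();

// 1. Authenticate before looking at any request parameter.
if (($_SESSION['is_admin'] ?? false) !== true) {
    error_log('dlback: unauthenticated request from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
    deny(403, 'Forbidden');
}

// 2. Accept only known download types; never build a path from user input.
$dl = $_GET['dl'] ?? '';
if (!is_string($dl) || !array_key_exists($dl, ALLOWED)) {
    deny(400, 'Unknown download type');
}

$path = BACKUP_DIR . '/' . ALLOWED[$dl];
if (!is_file($path) || !is_readable($path)) {
    deny(404, 'Backup not found');
}

// 3. Serve as an attachment and keep the backup out of caches.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . ALLOWED[$dl] . '"');
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: no-store');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Logging the rejected requests gives operators a record of unauthenticated attempts against the backup endpoint.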

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/21112/info

Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests.

An attacker can exploit this issue to retrieve administrative backup files. Information obtained may aid in further attacks.

All versions of Hot Links SQL-PHP and Hot Links Pro are vulnerable; other forks may also be affected.

http://www.example.com/[path]/dlback.php?dl=fullback