================================================= The Uploader 2.0.4 Remote File disclosure Vulnerability ================================================= ============================================== # Script Name : The Uploader # Version : [2.0.4] # Language : php # Author : Xa7m3d (H4K@hotmail.ch) # Download : http://sourceforge.net/projects/theuploader # Tested on : ubuntu 9.10 ============================================== File Disclosure : in : api/download_launch.php ####################################### $open=fopen($main['upload_directory'] . $_GET['filename'], "r");