Hot Links Perl PHP Information Disclosure Vulnerability

2006-11-15T00:00:00
ID EDB-ID:29047
Type exploitdb
Reporter hack2prison
Modified 2006-11-15T00:00:00

Description

Hot Links Perl PHP Information Disclosure Vulnerability. CVE-2006-7086. Webapps exploit for the PHP platform.

                                        
source: http://www.securityfocus.com/bid/21112/info

Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests.

An attacker can exploit this issue to retrieve administrative backup files. Information obtained may aid in further attacks.

All versions of Hot Links SQL-PHP and Hot Links Pro are vulnerable; other forks may also be affected.

http://www.example.com/[path]/dlback.php?dl=fullback
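
One way to check web server access logs for requests to this download endpoint, as an added example that is not part of the original advisory. The Combined Log Format, the function name `backup_download_hits` and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def backup_download_hits(lines):
    """Return one dict per request to dlback.php that carries a dl parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Decode the path so %-encoded spellings of the script name still match.
        script = unquote(url.path).rsplit("/", 1)[-1].lower()
        params = parse_qs(url.query, keep_blank_values=True)
        if script != "dlback.php" or "dl" not in params:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "dl": params["dl"][0],
            "status": int(m["status"]),
            "bytes": size,
            # A 200 with a non-empty body means a file was actually returned.
            "served": m["status"] == "200" and size > 0,
        })
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Nov/2006:10:01:02 +0000] "GET /links/dlback.php?dl=fullback HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.7 - - [15/Nov/2006:10:01:09 +0000] "GET /links/index.php?cat=3 HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [15/Nov/2006:10:04:44 +0000] "GET /links/DLBACK.PHP?dl=fullback HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.9 - - [15/Nov/2006:10:05:00 +0000] "GET /links/%64lback.php?x=1&dl=fullback HTTP/1.0" 200 - "-" "-"',
]

if __name__ == "__main__":
    for hit in backup_download_hits(SAMPLE_LOG):
        print(hit)
```

Because the script does not authenticate these download requests, any hit marked `served` from an address that is not an administrator's should be treated as exposure of the backup file.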