DES exposure checker - Arbitrary File Download Vulnerability

ID 1337DAY-ID-23255
Type zdt
Reporter Conslight
Modified 2015-02-08T00:00:00


DES exposure checker is a free web application, used to see how real DES images look.

This vulnerability allows any kind of user to download files from the remote server, such as PHP files, TXT files, etc.

Theory : http://{SERVER}/getImage.php?name={FILE.EXT}
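A detection sketch for the request pattern above, added here as an example and not part of the original advisory: it scans web server access logs for `getImage.php` requests whose `name` value is not a plain image file name. The combined log format, the list of image extensions and the sample log lines are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the extensions the application legitimately serves.
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}

# Common/combined log format: client ... "METHOD target HTTP/x" status
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def classify_name(name):
    """Return why `name` is not a plain image file name, or None if it is."""
    if "/" in name or "\\" in name or "\x00" in name:
        return "path separator or NUL"
    if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
        return "non-image extension"
    return None


def suspicious_requests(lines):
    """Return (client, name, reason, status) for questionable getImage.php requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), urlsplit(m.group(2)), int(m.group(3))
        if not target.path.lower().endswith("/getimage.php"):
            continue
        # parse_qs percent-decodes each value once before it is checked
        for name in parse_qs(target.query, keep_blank_values=True).get("name", []):
            reason = classify_name(name)
            if reason:
                hits.append((client, name, reason, status))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up file names)
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Feb/2015:10:00:01 +0000] "GET /getImage.php?name=sample1.png HTTP/1.1" 200 48213',
    '198.51.100.7 - - [08/Feb/2015:10:00:05 +0000] "GET /getImage.php?name=index.php HTTP/1.1" 200 912',
    '198.51.100.7 - - [08/Feb/2015:10:00:09 +0000] "GET /getImage.php?name=notes.txt HTTP/1.1" 200 77',
    '192.0.2.10 - - [08/Feb/2015:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 1500',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means the server returned the file; the same `classify_name` check, applied server-side before the file is opened, is the corresponding allow-list mitigation.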

Example :
