bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/8567.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

33 lines
No EOL
1 KiB
Text
Raw Blame History

---------------------------------------------------
"File Download 1.3" Remote File Download Exploit.
---------------------------------------------------
By :Aodrulez.
Email :f3arm3d3ar@gmail.com
Blog :aodrulez.blogspot.com.
---------------------------------------------------
Script Name:File Download 1.3
Vendor :http://www.zubrag.com/scripts/
Description:
This particular php script,named as "download.php"
can be tricked into allowing a remote attacker to
download all kinds of files such as .php,.txt etc
etc.This can be achieved by adding a null byte
followed by an allowed extension..for eg:
http://www.site.com/download.php?f=/path/file.php%00.jpg
-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My Mentor.
2] The Blue Genius : My Boss.
3] www.OrchidSeven.com.
"If you think C++ is not overly complicated, just what is
a protected abstract virtual base pure virtual private
destructor, and when was the last time you needed one?"
-- Tom Cargil.
# milw0rm.com [2009-04-29]
Reference in a new issue View git blame Copy permalink