
The Uploader 2.0.X Remote File Disclosure Vulnerability

Author: TUNISIAN CYBER, Published: 20-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: The Uploader 2.0.X Remote File Disclosure Vulnerability
[+] Date: 20-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/theuploader/files/?source=navbar
[+] Google Dork: n/a
[+] Tested on: Win7
[+] Friend's blog: http://na3il.wordpress.com/

########################################################################################
+Description (project description from the SourceForge page):
You can upload and download files, with tons of functions manageable from an administration area. To download the English version, click on 'Files' above.

Exploit:
The Uploader suffers from a remote file disclosure vulnerability. download_launch.php appends the user-supplied filename GET parameter directly to $main['upload_directory'] and streams the result back as an attachment, with no canonicalisation and no check that the resulting path stays inside the upload directory. A filename containing directory traversal sequences (../) therefore reads any file the web-server process is allowed to open. The only guard is the key check, which confirms that the caller presents the download key stored in their own session; it places no restriction on which file is read, so it does not prevent the disclosure. The same unsanitised value is also written into the Content-Disposition header.

File: download_launch.php
Parameter: filename

[PHP]
if($_SESSION['key'] == $_GET['key']) {
    // Send download request.
    // $_GET['filename'] is appended to the upload directory unchanged:
    // no basename(), no realpath(), and no check that the result stays
    // under $main['upload_directory'], so "../" sequences escape it.
    $open=fopen($main['upload_directory'] . $_GET['filename'], "r");
    $size=filesize($main['upload_directory'] . $_GET['filename']);
    $read=fread($open, $size);
    header("Content-Type: application/octet-stream");
    header("Content-Length: " . $size);
    header("Content-Transfer-Encoding: binary");
    // The unsanitised name is also echoed into the response header.
    header("Content-Disposition: attachment; filename=" . $_GET['filename']);
    // ... remainder of the handler not shown in the advisory
[/PHP]
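A hardened replacement for the handler above, added here as an example; it is not code from The Uploader or from the advisory's author. It assumes $main['upload_directory'] is an absolute directory path ending in a slash (the value /var/www/uploads/ below is an assumed placeholder) and that the application has already stored a string download key in $_SESSION['key'], which the advisory does not show being set. The file name is reduced to a single leaf with basename(), the resolved path is required to sit under the resolved upload root, and the loose == on the key is replaced with a strict constant-time comparison.

```php
<?php
// Added example, not The Uploader's own code: hardened replacement for the
// download handler in download_launch.php.
// Assumptions: $main['upload_directory'] is an absolute path ending in '/',
// and the application has already stored a string download key in
// $_SESSION['key'] (the advisory does not show where it is set).
session_start();
$main = ['upload_directory' => '/var/www/uploads/'];   // assumed placeholder value

/**
 * Map a user-supplied file name onto a real file inside $base, or return null.
 * Rejects traversal, sub-paths, NUL bytes and symlinks that escape $base.
 */
function safe_upload_path(string $base, string $name): ?string
{
    // NUL bytes truncate paths in the underlying C calls; refuse them outright
    // (PHP 8 would throw a ValueError from realpath() anyway).
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // Accept a single leaf name only: basename() strips any directory part,
    // so "../../etc/passwd" becomes "passwd" and no longer equals $name.
    $leaf = basename($name);
    if ($leaf !== $name || $leaf === '.' || $leaf === '..') {
        return null;
    }
    // Canonicalise both ends and require containment. realpath() resolves
    // symlinks, so a planted link pointing outside the upload root is caught.
    $root = realpath($base);
    $full = realpath($base . $leaf);
    if ($root === false || $full === false || !is_file($full)) {
        return null;
    }
    if (strpos($full, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

$key  = $_GET['key'] ?? '';
$name = $_GET['filename'] ?? '';

// Strict, constant-time comparison instead of the original loose ==.
// Arrays (key[]=x) and a missing session key are rejected explicitly.
if (!is_string($key) || !isset($_SESSION['key']) || !is_string($_SESSION['key'])
    || !hash_equals($_SESSION['key'], $key)) {
    http_response_code(403);
    exit('forbidden');
}

$path = is_string($name) ? safe_upload_path($main['upload_directory'], $name) : null;
if ($path === null) {
    http_response_code(404);
    exit('not found');
}

header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($path));
// Only the validated leaf name reaches the header, and it is quoted.
header('Content-Disposition: attachment; filename="' . addslashes(basename($path)) . '"');
readfile($path);
```

The basename() comparison rejects traversal syntactically before any filesystem call is made; the realpath() containment check is the second layer, catching symlinks planted inside the upload directory and any platform-specific path quirks (the advisory notes the product was tested on Windows, where both / and \ act as separators). Deploying the fix without also making the upload directory non-executable for PHP leaves the upload side of the application unaddressed, which this advisory does not cover.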

########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt, 5obzMtbga
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################
