[VIM] phpMyConferences <= 8.0.2 Remote File Disclosure Vulnerability
George A. Theall
theall at tenablesecurity.com
Wed Oct 31 20:14:15 UTC 2007
I don't know how many sites are actually affected by this. Here's the
affected script as it appears in version 8.0.2:
<?php
header("Content-disposition: attachment; filename=".$_GET('filname']);
header("Content-Type: application/force-download");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($_GET['dir']));
header("Pragma: no-cache");
header("Cache-Control: no-store, no-cache, must-revalidate,
post-check=0, pre-check=0");
header("Expires: 0");
readfile($_GET['dir']);
?>
Notice the unclosed bracket in the second line above? php can't parse it.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list