Описание
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66177
- http://osvdb.org/71250
- http://secunia.com/advisories/43792
- http://securityreason.com/securityalert/8180
- http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0
- http://www.exploit-db.com/exploits/17011
- http://www.securityfocus.com/archive/1/517085/100/0/threaded
- http://www.securityfocus.com/bid/46927
Связанные уязвимости
nvd
почти 15 лет назад
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.