Hot Links - Perl PHP Information Disclosure
| EKU-ID: 34250 | CVE: CVE-2006-7086;OSVDB-30486 | OSVDB-ID: |
| Author: hack2prison | Published: 2006-11-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 34250 | CVE: CVE-2006-7086;OSVDB-30486 | OSVDB-ID: |
| Author: hack2prison | Published: 2006-11-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/21112/info Hot Links is prone to an information-disclosure vulnerability because it fails to authenticate the user during specific download requests. An attacker can exploit this issue to retrieve administrative backup files. Information obtained may aid in further attacks. All versions of Hot Links SQL-PHP and Hot Links Pro are vulnerable; other forks may also be affected. http://www.example.com/[path]/dlback.php?dl=fullback