ASP Folder Gallery - 'Download_Script.asp' Arbitrary File Download
| EKU-ID: 35266 | CVE: CVE-2007-3158;OSVDB-38372 | OSVDB-ID: |
| Author: freeprotect.net | Published: 2007-06-06 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35266 | CVE: CVE-2007-3158;OSVDB-38372 | OSVDB-ID: |
| Author: freeprotect.net | Published: 2007-06-06 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/24345/info ASP Folder Gallery is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the affected webserver. http://www.example.com/aspfoldergallery/download_script.asp?file=viewimage.asp