[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Afian Document Manager Local File Inclusion
Afian is an application that can add, in just minutes, powerful document management capabilities to any Web server. It provides an Web-based interface for documents residing on the Web server's file system.
This software has a secutity hole allow attackers download any files if they know the path.
Vulnerabilities: Bypass + Fullpath Disclosure + Local File Inclusion.
Version: Unknown (maybe 2.x.x)
Google Dork: Afian document manager
1. Bypass+Fullpath Disclosure:
It doesn't ask username/password and display fullpath.
2. Local File Inclusion: Read any files if know exactly path_of_file