[VIM] ES Simple Download 1.0 Local File Inclusion Vulnerability

George A. Theall theall at tenable.com
Fri Sep 10 08:18:36 CDT 2010

Bugtraq ids 43124 and 43133 both cover a local file include  
vulnerability in EnergyScripts Simple Download 1.0 involving the  
'file' parameter of the 'download.php' script. 43124 uses an exploit  
that's nearly identical to the one in Exploit DB 14960 while 43133  
differs only in the value of 'file'. Both are attributed to Kazza. So,  
why two BIDs? Rob?

theall at tenablesecurity.com

More information about the VIM mailing list