CVE-2011-1569

Douran Portal 3.9.7.8 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1569. PoCs published by AJAX Security Team.

AI-analyzed exploit summary This is a writeup describing a file download/source code disclosure vulnerability in Douran Portal 3.9.7.8. It provides PoC URLs to bypass security protections and download sensitive files like web.config.

Description

download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by AJAX Security Team · textwebappsasp

https://www.exploit-db.com/exploits/17011

View Code ZIP pw:eip

This is a writeup describing a file download/source code disclosure vulnerability in Douran Portal 3.9.7.8. It provides PoC URLs to bypass security protections and download sensitive files like web.config.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Douran Portal 3.9.7.8

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK