The exploit demonstrates a remote file download vulnerability in DMXReady SDK <= 1.1 by manipulating the 'filename' and 'filelocation' parameters in a crafted URL. This allows an attacker to download arbitrary files from the server without authentication.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:DMXReady SDK <= 1.1
No auth needed
Prerequisites:Access to the target web application