The writeup describes a local file inclusion vulnerability in rConfig's downloadFile.php that allows authenticated users to download arbitrary files from the server. The vulnerability is due to a lack of validation on the download_file parameter.
Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: rConfig 3.1.1 and earlier
Auth required
Prerequisites: Authenticated access to the rConfig application