This Perl script exploits a file disclosure vulnerability in ZineBasic 1.1 by sending a crafted HTTP request to 'delImage.php' with a malicious 'id' parameter, allowing remote file disclosure. The exploit leverages LWP::UserAgent to fetch arbitrary files from the target system.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:ZineBasic 1.1
No auth needed
Prerequisites:Target must be running ZineBasic 1.1 · The vulnerable 'delImage.php' endpoint must be accessible