1 What's Local File Download(LFD)?
- Local file download is kind of misconfigured web master or webdeveloper on php application.

2 Effect

2.1 Personal/website
- You will able to view all php source code in plain text.
- php source code is such as mysql connection data, eg: host, username, password and database

3 vulnerable source code
- Example 1
<?php
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=".$_GET['tbdsec']);
echo file_get_contents($_GET['tbdsec']);
?>
- Example 2
<?php
$filename = $_GET['hmsec'];
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=".basename($filename).";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
@readfile($filename);
exit(0);
?>

4 Proof of Concept
- http://localhost/tbdsec.php?hmsec=configuration.php
- Download it, and open it.
- Walla! you able to all code in that page!

5 Patch code
- To admin/webmaster ask your web developer fix it :D

6 Suggestion
- Please don't you direct download, at least filter it.

7 Dork?
- No DORK For Script Kiddies

8 Thanks/Credits
- TDBSecurity(www.tbd.my<http://www.tbd.my>)
- HMSecurity(www.hmsecurity.org<http://www.hmsecurity.org>)
- Ahli Syurga Crew
- XShimeX
- Suhz
- And Google :D

Author: Ahlspiess

Explore More

EU Police learning hacking tricks. They are about to “Remote search” your PCs.

Law enforcement at European Union is working on ethical hacking proposal that will allow them to remotely access and monitor any PC without warrant. This is adopted after a decision

Critical Blind SQL injection in ChartNexus.com

PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.starinvestorrelations.com/ which owned by FiNEX Solutions Pte. Ltd. (“FiNEX Solutions”) powered by http://www.chartnexus.com/ This vulnerability has been alerted to :-

WikiLeaks supporters step up cyber war

LONDON (AFP)— A group of hackers vowed on Thursday to intensify a “war of data” against Mastercard, Visa and other groups which have cut funding to the WikiLeaks website over