Local File Inclusion vulnerability

coderoflagos / YouTube-Video-Downloader

Created this YouTube video downloader, I used a script for some of it's parts. It was created with Php and Bootstrap and a little bit of CSS and JQuery.

52 stars 16 forks source link

Local File Inclusion vulnerability #1

Open Fluepke opened 3 years ago

Fluepke commented 3 years ago

download.php seems vulnerable to a local file inclusion attack because of non-proper validation of the $_GET["token"] user input. (Only came across this, because it had a lot of likes on Twitter and didn't have time to test / reproduce)

coderoflagos commented 3 years ago

Thanks so much

VISQonSpotify commented 3 years ago

Did this ever get updated? :)