Advisory 2
- Article Friendly File Inclusion -

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Software Description------------------------------------------------>1
Affected Version---------------------------------------------------->2
Impact-------------------------------------------------------------->3
Vulnerability------------------------------------------------------->4
Solution------------------------------------------------------------>5
Timeline------------------------------------------------------------>6
Credits------------------------------------------------------------->7
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

1) Software Description

"Article Friendly Pro is our top rated, feature packed and inexpensive
article publishing script."

http://www.articlefriendly.com/

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2) Affected Version

* Article Friendly 4.9
* Article Friendly Pro 5.1.2

Represents tested version.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

3) Impact

Information Disclosure

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

4) Vulnerability

Missing or faulty input sanitisation can be exploited by
unauthenticated users to view sensitive information.

The "filename" parameter in "admin/index.php" is not sanitised and is
used to include local files. Attackers can use this to view system
information, which can be used to carry out additional attacks.

Example:
http://localhost/admin/index.php?filename=../../../../../etc/passwd%00

"magic_quotes_gpc" must be disabled in order to exploit.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

5) Solution

Enable "magic_quotes_gpc".

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

6) Timeline

2010/02/20 - Discovered.
2010/02/24 - Vendor notification.
2010/03/01 - Vendor response.
2010/04/11 - Public disclosure.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

7) Credits

Akademik
http://www.indonesiancoder.org/
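
Added example (not part of the original advisory or the vendor's code): a log check for the request pattern in section 4, flagging traversal sequences and null bytes in the "filename" parameter of admin/index.php, including double-encoded forms. The access-log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Apr/2010:10:00:01 +0000] "GET /admin/index.php?filename=../../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '203.0.113.5 - - [11/Apr/2010:10:00:02 +0000] "GET /admin/index.php?filename=..%252f..%252fetc%252fpasswd%2500 HTTP/1.1" 200 1843',
    '198.51.100.7 - - [11/Apr/2010:10:00:09 +0000] "GET /admin/index.php?filename=settings HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Apr/2010:10:00:12 +0000] "GET /index.php?filename=../x HTTP/1.1" 404 210',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(log_line):
    """Return why a request to admin/index.php looks like file inclusion, or []."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/admin/index.php"):
        return []
    reasons = set()
    for raw in parse_qs(url.query, keep_blank_values=True).get("filename", []):
        value = fully_decode(raw).replace("\\", "/")
        if ".." in value.replace("\x00", "").split("/"):
            reasons.add("directory traversal")
        if "\x00" in value:
            reasons.add("null byte")
    return sorted(reasons)

def scan(lines):
    """Map 1-based line number to reasons for every suspicious entry."""
    found = ((n, inspect_request(line)) for n, line in enumerate(lines, start=1))
    return {n: reasons for n, reasons in found if reasons}

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG).items():
        print(f"line {number}: {', '.join(reasons)}")
```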