Advisory 2

               - Article Friendly File Inclusion -

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Software Description------------------------------------------------>1
Affected Version---------------------------------------------------->2
Impact-------------------------------------------------------------->3
Vulnerability------------------------------------------------------->4
Solution------------------------------------------------------------>5
Timeline------------------------------------------------------------>6
Credits------------------------------------------------------------->7

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

1) Software Description

"Article Friendly Pro is our top rated, feature packed and inexpensive
article publishing script."

http://www.articlefriendly.com/

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2) Affected Version

* Article Friendly  4.9
* Article Friendly Pro 5.1.2

Represents tested version.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

3) Impact

Information Disclosure

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

4) Vulnerability

Lack of or an error in input sanitation can be exploited by
unauthenitcated users to view sensitive information.

"filename" parameter in "admin/index.php" is not sanitised and
used to include local files. Attackers can use this to view
system information which can be used to carry out additional attacks.

Example:
http://localhost/admin/index.php?filename=../../../../../etc/passwd%00

"magic_quotes_gpc" must be disabled in order to exploit.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

5) Solution

Enable "magic_quotes_gpc".

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

6) Timeline

2010/02/20 - Discovered.
2010/02/24 - Vendor notification.
2010/03/01 - Vendor response.
2010/04/11 - Public disclosure.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

7) Credits

Akademik

http://www.indonesiancoder.org/