SECURITYVULNS:DOC:14050
Aug 28, 2006

Assault Content Manager v.1.2 Directory Traversal Vulnerability

SEVERITY:

Medium

SOFTWARE:

Assault Content Manager v1.2

http://www.assaultcms.com/

INFO:

Assault Content Manager v1.2 is a simple CMS that uses files to store information.

DESCRIPTION:

Assault Content Manager v1.2 is vulnerable to a directory traversal attack.

Examples:

Create an account and log in. Then make this request:

http://127.0.0.1/acm/index.php?downloads&dir=../

The vulnerable code is:

$link="?downloads&dir={$value}

where $value is used without any validation.

*The bug isn't affected by magic_quotes_gpc or register_globals.

VENDOR STATUS

The vendor was contacted, but no response has been received to date.

MY FIX:

Open downloads.php (it's located in the includes folder) and, after $direct=$_SERVER['QUERY_STRING'];, put:

if(preg_match("/\.\./i", $dir)){echo "HACKING attempt !";exit(0);} //keep it simple and effective !
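
As an added example (not part of the advisory and not Assault CMS code): a containment check that canonicalizes the requested directory with realpath() and accepts it only if the result stays under the downloads root, instead of matching on "..". The function name resolve_inside, the base directory and the sample tree are assumptions made for the demonstration.

```php
<?php
// Added example, not Assault CMS code. $base and the sample tree are constructed.

/**
 * Resolve a user-supplied sub-directory against $base and return the
 * canonical path, or null if it does not exist or falls outside $base.
 */
function resolve_inside(string $base, string $userDir): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false || strpos($userDir, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and "..", follows symlinks, and returns
    // false when the path does not exist.
    $target = realpath($baseReal . DIRECTORY_SEPARATOR . $userDir);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Compare with a trailing separator so a sibling such as
    // "downloads-private" does not pass as a prefix match of "downloads".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $baseReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed directory tree for the demonstration.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'acm_demo_' . uniqid();
$base = $root . DIRECTORY_SEPARATOR . 'downloads';
mkdir($base . DIRECTORY_SEPARATOR . 'docs', 0700, true);
mkdir($root . DIRECTORY_SEPARATOR . 'downloads-private', 0700);

// Constructed values for the "dir" parameter.
$samples = ['', 'docs', 'docs/..', '../', 'docs/../../', '../downloads-private', 'missing'];
foreach ($samples as $dir) {
    $resolved = resolve_inside($base, $dir);
    printf("%-24s %s\n", var_export($dir, true), $resolved === null ? 'rejected' : 'allowed');
}

// Clean up the constructed tree.
rmdir($base . DIRECTORY_SEPARATOR . 'docs');
rmdir($base);
rmdir($root . DIRECTORY_SEPARATOR . 'downloads-private');
rmdir($root);
```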

This vulnerability was discovered by matrix_killer

mail : matrix_k at abv.bg

Greets: EcLiPsE, Blood3R and Acid_BDS

