Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17283
HistoryJun 18, 2007 - 12:00 a.m.

[Full-disclosure] WSPortal version 1.0 Path Disclosure Vulnerability

2007-06-1800:00:00
vulners.com
17
JSON

netVigilance Security Advisory #32
WSPortal version 1.0 Path Disclosure Vulnerability
Description:
WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the
site or a specific ip address, private messaging system between administrators.
Successful exploitation requires PHP magic_quotes_gpc set to OFF.
Advisory URL:
http://www.netvigilance.com/advisory0032
External References:
Mitre CVE: CVE-2007-3127
NVD NIST: CVE-2007-3127
OSVDB: 34163
Summary:
WSPortal is a site management system coded in PHP/MySQL.
Security problem in the product allows attackers to gather the true path of the server-side script.
Release Date:
06/17/2007

Severity:
Risk: Low

CVSS Metrics
Access Vector: Remote
Access Complexity: Low
Authentication: Not-required
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Impact Bias: Normal
CVSS Base Score: 2.3

Target Distribution on Internet: Low

Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated

Vulnerability Impact: Attack
Host Impact: Path disclosure.
SecureScout Testcase ID:
TC 17962
Vulnerable Systems:
WSPortal version 1.0
Vulnerability Type:
Program flaws - The product scripts have flaws which lead to Warnings or even Fatal Errors.
Vendor:
Chris Harvey
Vendor Status:
The Vendor has been notified several times on many different email addresses last on 6 June 2007. The Vendor has not responded. There is no official fix
at the release of this Security Advisory.
Workaround:
Set display_errors = Off (php.ini file) or set magic_quotes_gpc = On (php.ini file).
Example:
REQUEST:
http://[TARGET]/[WSPORTAL-DIRECTORY]/content.php?page=';
REPLY:
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>[DISCLOSED PATH][WSPORTAL-DIRECTORY]\content.php</b> on
line <b>67</b><br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>[DISCLOSED PATH][WSPORTAL-DIRECTORY]\content.php</b> on
line <b>76</b><br />
Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Related

cve 1
prion 1
securityvulns 1
cve
cve
CVE-2007-3127
2007-06-19 17:30:00
prion
prion
Design/Logic Flaw
2007-06-19 17:30:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-06-18 00:00:00
JSON
Related for SECURITYVULNS:DOC:17283
cve1prion1securityvulns1