Cloisterblog Journal.pl Directory Traversal Vulnerability
BID:10000
Info
Cloisterblog Journal.pl Directory Traversal Vulnerability
| Bugtraq ID: | 10000 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2004 12:00AM |
| Updated: | Mar 29 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Dotho <[email protected]>. |
| Vulnerable: |
Cloisterblog Cloisterblog 1.2.2 |
| Not Vulnerable: | |
Discussion
Cloisterblog Journal.pl Directory Traversal Vulnerability
A vulnerability has been reported to exist in Cloisterblog that may allow a remote attacker to access information outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data. The issue may allow a remote attacker to traverse outside the server root directory by using '../' character sequences.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
A vulnerability has been reported to exist in Cloisterblog that may allow a remote attacker to access information outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data. The issue may allow a remote attacker to traverse outside the server root directory by using '../' character sequences.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
Exploit / POC
Cloisterblog Journal.pl Directory Traversal Vulnerability
There is no exploit required. The following example has been provided:
http://www.example.com/cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00
There is no exploit required. The following example has been provided:
http://www.example.com/cloisterblog/journal.pl?syear=2004&sday=11&smonth=../../../../../../../../etc/passwd%00
Solution / Fix
Cloisterblog Journal.pl Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.