Minis Remote Directory Traversal Vulnerability
BID:12279
Info
| Bugtraq ID: | 12279 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0293 CVE-2005-0294 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery is credited to Madelman <[email protected]>. |
| Vulnerable: | Minis Minis 0.2.1 |
| Not Vulnerable: | |
Discussion
Minis is reportedly susceptible to a remote directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input.
A malicious user may issue a request containing directory traversal strings such as '../' to possibly view files outside the server root directory.
Minis 0.2.1 is affected by this issue. It is possible that prior versions are vulnerable as well.
Exploit / POC
An exploit is not required.
Examples sufficient to demonstrate this vulnerability are provided:
http://www.example.com/minis/minis.php?month=../../../../../../../../var/log/XFree86.0
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
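With no vendor patch listed, operators can at least review web server logs for requests that place traversal sequences in the month parameter of minis.php. The following is an added example, not part of the original advisory or of Minis itself; it assumes Common Log Format access logs, and the log lines and the benign value "2005-01" are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: access logs are in Common/Combined Log Format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the benign value "2005-01" is an assumed format.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jan/2005:10:00:01 +0000] "GET /minis/minis.php?month=2005-01 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Jan/2005:10:02:13 +0000] "GET /minis/minis.php?month=../../../../../../../../var/log/XFree86.0 HTTP/1.1" 200 48211',
    '192.0.2.44 - - [17/Jan/2005:10:02:40 +0000] "GET /minis/minis.php?month=%252e%252e%252fvar%252flog%252fXFree86.0 HTTP/1.1" 200 48211',
    '192.0.2.10 - - [17/Jan/2005:10:05:00 +0000] "GET /minis/index.php?month=../x HTTP/1.1" 404 210',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any '/' or '\\' separated segment of the value is exactly '..'."""
    return ".." in re.split(r"[\\/]", value)

def suspicious_month_requests(log_lines):
    """Return (line_number, decoded month value) for minis.php requests with traversal."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/minis.php"):
            continue
        for raw in parse_qs(url.query).get("month", []):
            decoded = fully_decode(raw)
            if has_traversal(decoded):
                hits.append((n, decoded))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_month_requests(SAMPLE_LOG):
        print(f"line {line_no}: month={value!r}")
```

A hit with a 200 status and an unusually large response size is worth prioritising, since it suggests the requested file was actually returned.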
References
References:
- Minis Home Page (Minis)
- Minis directory traversal vulnerability (Madelman)