Blank'N'Berg Directory Traversal Vulnerability
BID:17345
Info
| Bugtraq ID: | 17345 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2006 12:00AM |
| Updated: | Apr 03 2006 09:13PM |
| Credit: | Amine ABOUD <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: | Blank'N'Berg Blank'N'Berg 0.2 |
| Not Vulnerable: | |
Discussion
Blank'N'Berg is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
Blank'N'Berg 0.2 is reportedly vulnerable.
Exploit / POC
This vulnerability may be exploited with a web client.
The following proof of concept is available:
http://www.example.com/index.php?_path=../../../../../
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
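Without a vendor patch, the standard mitigation for this class of issue is to canonicalise the requested path and refuse anything that resolves outside the intended root. The PHP below is an added example, not Blank'N'Berg's own code; it assumes that index.php maps `_path` onto a directory beneath a fixed gallery root, and the function name `resolve_under_root` and the demo directories are hypothetical.

```php
<?php
// Added example, not Blank'N'Berg code. Assumption: `_path` is a relative
// path that the application joins onto a fixed gallery root directory.

/**
 * Resolve $userPath against $root. Returns the canonical absolute path,
 * or null when the target does not exist or lies outside $root.
 */
function resolve_under_root(string $root, string $userPath): ?string
{
    // Reject NUL bytes before any filesystem call sees the value.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "." and "..", follows symlinks, and returns
    // false for paths that do not exist.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Compare against the root plus a trailing separator, so a sibling
    // such as "gallery-private" does not pass as being inside "gallery".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bnb_demo_' . getmypid();
mkdir("$base/gallery/album1", 0700, true);
mkdir("$base/gallery-private", 0700, true);

// Constructed sample values for `_path`, including the advisory's pattern.
$samples = ['album1', 'album1/../album1', '../../../../../', '../gallery-private', '/etc'];
foreach ($samples as $p) {
    $resolved = resolve_under_root("$base/gallery", $p);
    printf("%-20s => %s\n", $p, $resolved === null ? 'REJECTED' : 'allowed');
}

// Remove the demo tree.
foreach (['gallery/album1', 'gallery', 'gallery-private', ''] as $d) {
    rmdir(rtrim("$base/$d", '/'));
}
```

The check is applied to the resolved path rather than by stripping `../` from the input, so encoded or nested traversal sequences that survive string filtering are still rejected once they resolve outside the root.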
References
References:
- Blank'N'Berg Product Page (Fred Scalliet)