SL_site Gallerie.PHP Information Disclosure Vulnerability
BID:17672
Info
SL_site Gallerie.PHP Information Disclosure Vulnerability
| Bugtraq ID: | 17672 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2006 12:00AM |
| Updated: | Apr 24 2006 09:36PM |
| Credit: | benozor77 is credited with the discovery of this vulnerability. |
| Vulnerable: |
Web-Provence SL_site 1.0 |
| Not Vulnerable: | |
Discussion
SL_site Gallerie.PHP Information Disclosure Vulnerability
SL_site is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary image files. This may be done by using directory-traversal sequences ('../') from the vulnerable system in the context of the application.
Information obtained by exploiting this issue may aid malicious users in further attacks.
SL_site is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary image files. This may be done by using directory-traversal sequences ('../') from the vulnerable system in the context of the application.
Information obtained by exploiting this issue may aid malicious users in further attacks.
Exploit / POC
SL_site Gallerie.PHP Information Disclosure Vulnerability
This vulnerability may be exploited with a web client.
This vulnerability may be exploited with a web client.
Solution / Fix
SL_site Gallerie.PHP Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
SL_site Gallerie.PHP Information Disclosure Vulnerability
References:
References:
- SL_site Web Site (Web-Provence)