Wabbit PHP Gallery Dir Parameter Directory Traversal Vulnerability
BID:21213
Info
Wabbit PHP Gallery Dir Parameter Directory Traversal Vulnerability
| Bugtraq ID: | 21213 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 20 2006 12:00AM |
| Updated: | Nov 23 2006 10:40PM |
| Credit: | the_3dit0r is credited with the discovery of this vulnerability. |
| Vulnerable: |
Wabbit Wabbit PHP Gallery 0.9 |
| Not Vulnerable: | |
Discussion
Wabbit PHP Gallery Dir Parameter Directory Traversal Vulnerability
Wabbit PHP Gallery is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve the contents of arbitrary files in the context of the webserver process. Information obtained may aid in further attacks.
Wabbit PHP Gallery is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve the contents of arbitrary files in the context of the webserver process. Information obtained may aid in further attacks.
Exploit / POC
Wabbit PHP Gallery Dir Parameter Directory Traversal Vulnerability
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/index.php?dir=../../../../../../etc/passwd
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/index.php?dir=../../../../../../etc/passwd
Solution / Fix
Wabbit PHP Gallery Dir Parameter Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Wabbit PHP Gallery Dir Parameter Directory Traversal Vulnerability
References:
References: