Mambo Flyspray Startdown.PHP Information Disclosure Vulnerability

Bugtraq ID:	21315
Class:	Input Validation Error
CVE:	CVE-2006-6203
Remote:	Yes
Local:	No
Published:	Nov 27 2006 12:00AM
Updated:	Jan 25 2007 04:24PM
Credit:	Dr Max Virus is credited with the discovery of this vulnerability.
Vulnerable:	Krishan Mambo Flyspray 1.0.1 Krishan Mambo Flyspray 0.9.8 Krishan Mambo Flyspray 0.9.7 Krishan Mambo Flyspray 0.9.8 development
Not Vulnerable:	Krishan Mambo Flyspray 1.0.2

Mambo Flyspray Startdown.PHP Information Disclosure Vulnerability

Mambo Flyspray is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied parameters.

An attacker can exploit this issue to retrieve arbitrary files with the privileges of the vulnerable application. Information harvested during successful exploits will aid in further attacks.

Mambo Flyspray 1.0.1 and prior versions are vulnerable to this issue.

Mambo Flyspray Startdown.PHP Information Disclosure Vulnerability

Attackers can exploit this issue via a web client.

The following proof-of-concept URI is available:

http://www.example.com/components/com_flyspray/startdown.php?file=config.inc.php

Mambo Flyspray Startdown.PHP Information Disclosure Vulnerability

Solution:
The vendor has released an update to address this issue. Please see the references for more information.

Mambo Flyspray Startdown.PHP Information Disclosure Vulnerability

References:

• Flyspray Release Notes Version 1.0.2 (Flyspray)
  
• Mambo Flyspray Homepage (Krishan)