DZCP Clanportal Index.PHP Arbitrary File Upload Vulnerability
BID:21389
Info
| Bugtraq ID: | 21389 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 01 2006 12:00AM |
| Updated: | Dec 02 2006 01:14AM |
| Credit: | Tim Weber is credited with the discovery of this vulnerability. |
| Vulnerable: | deV!Lz Clanportal deV!Lz Clanportal 1.3.6 |
| Not Vulnerable: | deV!Lz Clanportal deV!Lz Clanportal 1.3.6.1 |
Discussion
deV!L`z Clanportal is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may facilitate the compromise of the application; other attacks are possible.
Version 1.3.6 is vulnerable; prior versions may be affected.
Exploit / POC
Attackers can exploit this issue via a web client.
The following proof of concept is available:
Solution / Fix
Solution:
The vendor has released version 1.3.6.1 to address this issue. Please see the references for more information.
deV!Lz Clanportal deV!Lz Clanportal 1.3.6
- deV!Lz Clanportal hotfix_1.3.6.1.rar
  http://www.dzcp.de/downloads/index.php?action=getfile&id=106
References
References:
- deV!Lz Clanportal Homepage (deV!Lz Clanportal)
- deV!L`z Clanportal - Arbitrary File Upload (Tim Weber)