Torrentflux-B4RT Viewnfo.PHP Directory Traversal Vulnerability
BID:21613
Info
| Bugtraq ID: | 21613 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2006 12:00AM |
| Updated: | Dec 15 2006 12:00AM |
| Credit: | r0ut3r is credited with the discovery of this vulnerability. |
| Vulnerable: | Torrentflux-b4rt Torrentflux-b3rt 2.1-b4rt-96 |
| Not Vulnerable: | Torrentflux-b4rt Torrentflux-b3rt 2.1-b4rt-97 |
Discussion
Torrentflux-B4RT is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid the attacker in further attacks.
Torrentflux-B4RT versions prior to 2.1-b4rt-97 are vulnerable.
Exploit / POC
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/viewnfo.php?path=../config.php
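As an added example (not part of the original advisory or of the Torrentflux-b4rt code), the following Python script scans web access log lines for requests to viewnfo.php whose `path` parameter resolves outside its base directory, as in the proof-of-concept URI above. The log format, the sample lines, and the function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def path_param_escapes(value, max_decode=3):
    """True if the value, once fully decoded, resolves outside its base directory."""
    for _ in range(max_decode):  # unwind nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if value.startswith("/"):  # absolute path ignores the base entirely
        return True
    # Resolve against a placeholder base; landing outside it means traversal.
    resolved = posixpath.normpath(posixpath.join("/base", value))
    return not (resolved == "/base" or resolved.startswith("/base/"))

def find_traversal(log_lines, script="viewnfo.php", param="path"):
    """Return (line_number, decoded_value) for each suspicious request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if posixpath.basename(url.path) != script:
            continue
        # parse_qs already applies one round of percent-decoding.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if path_param_escapes(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2006:10:00:01 +0000] "GET /viewnfo.php?path=movie/release.nfo HTTP/1.1" 200 512',
    '192.0.2.44 - - [15/Dec/2006:10:00:07 +0000] "GET /viewnfo.php?path=../config.php HTTP/1.1" 200 2048',
    '192.0.2.44 - - [15/Dec/2006:10:00:09 +0000] "GET /viewnfo.php?path=%2e%2e%2fconfig.php HTTP/1.1" 200 2048',
    '192.0.2.10 - - [15/Dec/2006:10:00:12 +0000] "GET /index.php?path=../x HTTP/1.1" 200 100',
    '192.0.2.10 - - [15/Dec/2006:10:00:15 +0000] "GET /viewnfo.php?path=a/../b.nfo HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, value in find_traversal(SAMPLE_LOG):
        print(f"line {lineno}: suspicious path={value!r}")
```

Resolving the value against a base directory, rather than matching the literal string `../`, keeps a request such as `a/../b.nfo` from being flagged, since it stays inside the base.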
Solution / Fix
Solution:
The vendor has released version 2.1-b4rt-97 to address this issue; please see the reference section for details.
Torrentflux-b4rt Torrentflux-b3rt 2.1-b4rt-96
- Torrentflux-b4rt torrentflux_2.1-b4rt-97.tar.bz2: http://download.berlios.de/tf-b4rt/torrentflux_2.1-b4rt-97.tar.bz2
References
References:
- TorrentFlux Homepage (TorrentFlux)