PHPBuilder HTM2PHP.PHP Directory Traversal Vulnerability
BID:21703
Info
PHPBuilder HTM2PHP.PHP Directory Traversal Vulnerability
| Bugtraq ID: | 21703 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2006 12:00AM |
| Updated: | Nov 08 2006 12:00AM |
| Credit: | the master is credited with the discovery of this vulnerability. |
| Vulnerable: |
PHPBuilder PHPBuilder 0.0.2 |
| Not Vulnerable: | |
Discussion
PHPBuilder HTM2PHP.PHP Directory Traversal Vulnerability
PHPBuilder is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker could exploit this vulnerability to reveal the contents of files that contain sensitive information that could aid in further attacks against the affected computer.
PHPBuilder 0.0.2 is vulnerable to this issue; other versions may also be affected.
PHPBuilder is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker could exploit this vulnerability to reveal the contents of files that contain sensitive information that could aid in further attacks against the affected computer.
PHPBuilder 0.0.2 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
PHPBuilder HTM2PHP.PHP Directory Traversal Vulnerability
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/[Path]/lib/htm2php.php?filename=../../../../../etc/passwd
http://www.example.com/[Path]/sitetools/htm2php.php?filename=../../../../../etc/passwd
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/[Path]/lib/htm2php.php?filename=../../../../../etc/passwd
http://www.example.com/[Path]/sitetools/htm2php.php?filename=../../../../../etc/passwd
Solution / Fix
PHPBuilder HTM2PHP.PHP Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].