SoftArtisans FileUp Viewsrc.ASP Directory Traversal Vulnerability
BID:21821
Info
| Bugtraq ID: | 21821 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-6865 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 30 2006 12:00AM |
| Updated: | Nov 05 2007 11:55PM |
| Credit: | Inge Henriksen is credited with the discovery of this vulnerability. |
| Vulnerable: | SoftArtisans FileUp 5.0.14 |
| Not Vulnerable: | |
Discussion
FileUp is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
FileUp 5.0.14 is vulnerable to this issue; other versions may also be affected.
Note that the affected 'viewsrc.asp' script is a sample script available with the application and may not be installed by default.
Exploit / POC
Attackers may exploit this vulnerability via a web client.
The following proof of concept is available:
http://www.example.xom/SAFileUpSamples/util/viewsrc.asp?path=/SAFileUpSamples/%c0%ae./%c0%ae./web.config
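The `%c0%ae` in the proof of concept is an overlong two-byte UTF-8 encoding of `.`, so a filter that looks for a literal `..` before a lenient decoder runs does not see the traversal. The following detection check is an added example, not part of the original advisory or vendor code; the request-line format, the `classify` and `fold_overlong` names, and the assumption that `/SAFileUpSamples` is the only tree the script should serve are illustrative.

```python
import posixpath
import re
from urllib.parse import urlsplit, unquote_to_bytes

# 0xC0/0xC1 lead bytes only ever start overlong 2-byte forms of ASCII
# characters, so they are never valid UTF-8 (0xC0 0xAE decodes to ".").
OVERLONG_2B = re.compile(rb"[\xc0\xc1][\x80-\xbf]")

# Constructed sample request lines; the second reuses the advisory's PoC query.
SAMPLE_REQUESTS = [
    "GET /SAFileUpSamples/util/viewsrc.asp?path=/SAFileUpSamples/simple/form.asp",
    "GET /SAFileUpSamples/util/viewsrc.asp?path=/SAFileUpSamples/%c0%ae./%c0%ae./web.config",
    "GET /SAFileUpSamples/util/viewsrc.asp?path=/SAFileUpSamples/../../web.config",
    "GET /SAFileUpSamples/util/viewsrc.asp?path=/SAFileUpSamples/r%C3%A9sum%C3%A9.asp",
]

def fold_overlong(raw: bytes) -> bytes:
    """Map each 2-byte overlong sequence to the ASCII byte a lenient decoder yields."""
    return OVERLONG_2B.sub(
        lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)

def classify(request_line, param="path", base="/SAFileUpSamples"):
    """Return findings for one 'METHOD URI' line (param and base are assumptions)."""
    uri = request_line.split(" ", 1)[1]
    findings = []
    for pair in urlsplit(uri).query.split("&"):
        name, _, value = pair.partition("=")
        if name != param:
            continue
        raw = unquote_to_bytes(value)          # keep raw bytes, no UTF-8 decoding yet
        if OVERLONG_2B.search(raw):
            findings.append("overlong-utf8")
        # Canonicalise the way the most permissive component might, then check.
        folded = fold_overlong(raw).decode("utf-8", "replace").replace("\\", "/")
        if ".." in folded.split("/"):
            findings.append("dot-dot-segment")
        resolved = posixpath.normpath(folded)
        if not (resolved == base or resolved.startswith(base + "/")):
            findings.append("escapes-base")
    return findings

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(classify(line) or ["clean"], line)
```

The same canonicalise-then-check order applies to any server-side validation of the `path` parameter: decode strictly or fold overlong forms first, then compare the resolved path against the permitted base.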
Solution / Fix
Solution:
The vendor stated that this issue will be addressed in a future version of FileUp.
Currently we are not aware of any vendor-supplied patches for this issue.
References
References:
- SoftArtisans FileUp viewsrc.asp remote script source disclosure exploit (Inge Henriksen)
- FileUp Homepage (SoftArtisans)
- Re: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit ([email protected])
- SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit (Inge Henriksen)