WebFWLog Debug.PHP Information Disclosure Vulnerability
BID:22291
Info
| Bugtraq ID: | 22291 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0585 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 29 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | GolD_M <hacker_ [at] w.cn> is credited with the discovery of this vulnerability. |
| Vulnerable: | Webfwlog Webfwlog 0.92, Webfwlog Webfwlog 0.91 |
| Not Vulnerable: | Webfwlog Webfwlog 0.93 |
Discussion
Webfwlog is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve any file the application has read access to. Information obtained may aid in further attacks.
Webfwlog 0.91 and 0.92 are vulnerable to this issue.
Exploit / POC
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/include/debug.php?config[debug]=10&conffile=config.php
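To check whether a Webfwlog 0.91 or 0.92 installation has received requests shaped like the proof-of-concept URI, web server access logs can be scanned for `debug.php` requests carrying the `conffile` or `config[...]` parameters. The Python sketch below is an added example, not part of the original advisory or of Webfwlog; the Apache-style log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Script named in the advisory's proof-of-concept URI.
DEBUG_SCRIPT = "/include/debug.php"

def suspicious_params(target):
    """Return sorted parameter names that make a debug.php request match the PoC shape."""
    parts = urlsplit(target)
    # Collapse duplicate slashes and ignore case so trivial variations still match.
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    if not path.endswith(DEBUG_SCRIPT):
        return []
    hits = set()
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes names, so config%5Bdebug%5D arrives as config[debug].
        lowered = name.lower()
        if lowered == "conffile" or lowered.startswith("config["):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Yield (line_number, client, parameter_names) for each matching log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = suspicious_params(match.group("target"))
        if params:
            yield number, line.split(" ", 1)[0], params

# Constructed sample log lines (documentation addresses), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Jan/2007:10:00:05 +0000] "GET /include/debug.php?config[debug]=10&conffile=config.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [29/Jan/2007:10:00:09 +0000] "GET /webfwlog/include/debug.php?config%5Bdebug%5D=10&conffile=config.php HTTP/1.0" 200 2048',
    '192.0.2.10 - - [29/Jan/2007:10:00:12 +0000] "GET /include/debug.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, client, params in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent {', '.join(params)} to {DEBUG_SCRIPT}")
```

A hit only shows that a matching request was made; the response status and size in the same log line help judge whether a file was actually returned.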
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.