PHP RRD Browser P Parameter Directory Traversal Vulnerability

Bugtraq ID:	22520
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 12 2007 12:00AM
Updated:	Feb 12 2007 12:00AM
Credit:	Sebastian Wolfgarten is credited with the discovery of this vulnerability.
Vulnerable:	prb php rrd browser 0.2
Not Vulnerable:	prb php rrd browser 0.2.1

PHP RRD Browser P Parameter Directory Traversal Vulnerability

php rrd browser is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

Versions prior to 0.2.1 are vulnerable to this issue.

PHP RRD Browser P Parameter Directory Traversal Vulnerability

Attackers may exploit this vulnerability via a web client.

The following proof of concept is available:

http://www.example.com/prb/www/?p=../../../../../../../etc/passwd

PHP RRD Browser P Parameter Directory Traversal Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

PHP RRD Browser P Parameter Directory Traversal Vulnerability

References:

• PHP RRD Browser Homepage (PRB)
  
• Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 ([email protected])
  
• PHP RRD Browser Advisory (Devtarget )