Plesk Login.PHP3 Directory Traversal Vulnerability
BID:23639
Info
Plesk Login.PHP3 Directory Traversal Vulnerability
| Bugtraq ID: | 23639 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2007 12:00AM |
| Updated: | Apr 25 2007 09:00PM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
Plesk Plesk for Windows 8.1.1 Plesk Plesk for Windows 8.1 Plesk Plesk for Windows 7.6.1 |
| Not Vulnerable: | |
Discussion
Plesk Login.PHP3 Directory Traversal Vulnerability
Plesk is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Plesk is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Exploit / POC
Plesk Login.PHP3 Directory Traversal Vulnerability
Attackers may use a browser to exploit this issue.
An example URI has been provided:
https://www.example.com/login.php3?login_name=x&passwd=x&locale_id=../../../../../../../../boot.ini%00.jpg
Attackers may use a browser to exploit this issue.
An example URI has been provided:
https://www.example.com/login.php3?login_name=x&passwd=x&locale_id=../../../../../../../../boot.ini%00.jpg
Solution / Fix
Plesk Login.PHP3 Directory Traversal Vulnerability
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
References
Plesk Login.PHP3 Directory Traversal Vulnerability
References:
References: