Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
BID:23846
Info
Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
| Bugtraq ID: | 23846 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 07 2007 12:00AM |
| Updated: | May 07 2007 09:29PM |
| Credit: | Dj7xpl is credited with discovering these vulnerabilities. |
| Vulnerable: |
Archangel Management Weblog 0.90.2 |
| Not Vulnerable: | |
Discussion
Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
Archangel Weblog is prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. The application is also prone to an authentication-bypass vulnerability.
A successful exploit would allow an attacker to view files, execute arbitrary local scripts within the context of the webserver, and gain unauthorized administrative access to the affected application.
These issues affect Archangel Weblog 0.90.02.
Archangel Weblog is prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. The application is also prone to an authentication-bypass vulnerability.
A successful exploit would allow an attacker to view files, execute arbitrary local scripts within the context of the webserver, and gain unauthorized administrative access to the affected application.
These issues affect Archangel Weblog 0.90.02.
Exploit / POC
Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
Attackers can exploit these issue through a browser.
The following proof-of-concept URIs are available:
http://www.example.com/[TARGET]/[PATH]/index.php?index=[Local File]%00
http://www.example.com/blog/index.php?index=../../../../etc/passwd%00
Attackers can exploit these issue through a browser.
The following proof-of-concept URIs are available:
http://www.example.com/[TARGET]/[PATH]/index.php?index=[Local File]%00
http://www.example.com/blog/index.php?index=../../../../etc/passwd%00
Solution / Fix
Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Archangel Weblog Local File Include And Authentication Bypass Vulnerabilities
References:
References:
- Archangel Weblog Homepage (Archangel Management)