SisfoKampus dwoprn.php Arbitrary File Download Vulnerability
BID:25617
Info
| Field | Value |
|---|---|
| Bugtraq ID: | 25617 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 10 2007 12:00AM |
| Updated: | Sep 10 2007 12:00AM |
| Credit: | k-one A.K.A PUPET is credited with the discovery of this vulnerability. |
| Vulnerable: | Sisfo Kampus Smart Sisfo Kampus 2006 |
| Not Vulnerable: | |
Discussion
Sisfo Kampus is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.
This issue affects SisfoKampus 2006; other versions may also be vulnerable.
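The advisory does not show the vulnerable handler, so the following is an added illustration of the mitigation only; it is not SisfoKampus code and not part of the original advisory. It is a PHP download endpoint that takes the same `f` parameter but resolves it inside a fixed document directory and refuses anything that escapes it. The directory path, the extension allowlist and the function name are assumptions.

```php
<?php
// Added example (not SisfoKampus code): a download handler that confines the
// requested file name to one directory. DOWNLOAD_ROOT, the extension list and
// resolve_download() are assumptions made for this illustration.

declare(strict_types=1);

// Hypothetical directory holding the only files users may fetch.
const DOWNLOAD_ROOT = '/var/www/sisfokampus/downloads';

/**
 * Resolve a user-supplied file name to an absolute path inside DOWNLOAD_ROOT,
 * or return null when the request must be refused. The weakness this guards
 * against is handing the raw parameter to a file-reading call such as readfile().
 */
function resolve_download(string $requested): ?string
{
    // NUL bytes make realpath()/fopen() throw or truncate; reject them first.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Only a bare file name is acceptable: no '/', '\\' or '..' components.
    if ($requested !== basename($requested) || $requested === '.' || $requested === '..') {
        return null;
    }
    // Allowlist of document types; application sources like connectdb.php never qualify.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ['pdf', 'doc', 'docx', 'xls', 'xlsx'], true)) {
        return null;
    }
    $root = realpath(DOWNLOAD_ROOT);
    $path = realpath(DOWNLOAD_ROOT . DIRECTORY_SEPARATOR . $requested);
    // realpath() follows symlinks, so confirm the resolved path still starts
    // with the root; a symlink inside the directory pointing elsewhere fails here.
    if ($root === false || $path === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$f = $_GET['f'] ?? '';
$path = is_string($f) ? resolve_download($f) : null;
if ($path === null) {
    // Refused requests are logged (URL-encoded to keep the log line intact) so
    // that repeated probes for source or config files show up in monitoring.
    error_log('download refused for f=' . rawurlencode(is_string($f) ? $f : '(non-string)'));
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

The three checks are deliberately redundant: the basename() comparison stops traversal in the request, the extension allowlist stops disclosure of scripts and configuration even for files that do live in the directory, and the realpath() prefix check catches symlinks that the first two cannot see.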
Exploit / POC
Attackers can use a browser to exploit this issue.
The following proof-of-concept URI is available:
http://www.example.com/dwoprn.php?f=connectdb.php
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Sisfo Kampus HomePage (Sisfo Kampus)