Chupix CMS download.php Arbitrary File Download Vulnerability
BID:25681
Info
Chupix CMS download.php Arbitrary File Download Vulnerability
| Bugtraq ID: | 25681 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4957 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 15 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | GolD_M is credited with the discovery of this vulnerability. |
| Vulnerable: |
Chupix CMS Chupix CMS 0.2.3 |
| Not Vulnerable: | |
Discussion
Chupix CMS download.php Arbitrary File Download Vulnerability
Chupix CMS is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.
This issue affects Chupix CMS 0.2.3; other versions may also be vulnerable.
Chupix CMS is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.
This issue affects Chupix CMS 0.2.3; other versions may also be vulnerable.
Exploit / POC
Chupix CMS download.php Arbitrary File Download Vulnerability
Attackers can use a browser to exploit this issue.
The following proof-of-concept URI is available:
/download.php?repertoire=defaut&fichier=../../download.php
/download.php?fichier=../../../../../../../etc/passwd%00
Attackers can use a browser to exploit this issue.
The following proof-of-concept URI is available:
/download.php?repertoire=defaut&fichier=../../download.php
/download.php?fichier=../../../../../../../etc/passwd%00
Solution / Fix
Chupix CMS download.php Arbitrary File Download Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Chupix CMS download.php Arbitrary File Download Vulnerability
References:
References:
- Chupix CMS 0.2.3 (download.php) Remote File Disclosure Vulnerability (milw0rm)
- Chupix CMS Homepage (Chupix CMS)