mUnky 'zone' Parameter Local File Include Vulnerability
BID:29934
Info
mUnky 'zone' Parameter Local File Include Vulnerability
| Bugtraq ID: | 29934 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-2876 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 25 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | StAkeR |
| Vulnerable: |
mUnky mUnky 0.01 |
| Not Vulnerable: | |
Discussion
mUnky 'zone' Parameter Local File Include Vulnerability
mUnky is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue can allow remote attackers to view local files within the context of the webserver process. Information harvested may aid in further attacks.
mUnky 0.01 is vulnerable; other versions may also be affected.
mUnky is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue can allow remote attackers to view local files within the context of the webserver process. Information harvested may aid in further attacks.
mUnky 0.01 is vulnerable; other versions may also be affected.
Exploit / POC
mUnky 'zone' Parameter Local File Include Vulnerability
Attackers can exploit this issue with a browser.
The following example URI is available:
http://www.example.com/index.php?zone=../../../../../../../../../etc/passwd%00
Attackers can exploit this issue with a browser.
The following example URI is available:
http://www.example.com/index.php?zone=../../../../../../../../../etc/passwd%00
Solution / Fix
mUnky 'zone' Parameter Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].