deV!L'z Clanportal 'thumbgen.php' Local File Disclosure Vulnerability
BID:39785
Info
| Bugtraq ID: | 39785 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 29 2010 12:00AM |
| Updated: | Apr 29 2010 12:00AM |
| Credit: | indoushka |
| Vulnerable: | deV!Lz Clanportal 1.5.3 |
| Not Vulnerable: | |
Discussion
deV!L'z Clanportal is prone to a local file-disclosure vulnerability.
An attacker can exploit this vulnerability to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
deV!Lz Clanportal 1.5.3 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers may exploit this issue through a browser.
The following example URI is available:
http://www.example.com/dzcp1.5.3/thumbgen.php?img=[d:\11.jpg]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
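With no vendor patch available, one mitigation is to confine the img parameter to a single image directory before thumbgen.php opens any file. The function below is an added example, not code from deV!L'z Clanportal; the function name, the image root and the allowed extensions are assumptions.

```php
<?php
// Added example: confine a thumbnail source path to one image directory.
// Function name, $imageRoot and the extension list are assumptions, not DZCP values.

function resolve_thumbnail_source(string $img, string $imageRoot): ?string
{
    // Reject NUL bytes, drive letters / stream wrappers, and absolute or UNC paths.
    if ($img === '' || strpos($img, "\0") !== false
        || preg_match('~^[a-z][a-z0-9+.-]*:~i', $img)   // "d:\..." or "php://..."
        || preg_match('~^[\\\\/]~', $img)) {              // "/..." or "\\host\..."
        return null;
    }

    $root = realpath($imageRoot);
    if ($root === false) {
        return null;
    }

    // realpath() collapses "..", follows symlinks and fails for missing files.
    $path = realpath($root . DIRECTORY_SEPARATOR . $img);
    if ($path === false || !is_file($path)) {
        return null;
    }

    // The resolved file must still sit under the image root.
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }

    // Serve only files that are images by extension and by content.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)
        || @getimagesize($path) === false) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary image root holding one 1x1 GIF.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'thumb_demo_' . getmypid();
@mkdir($root);
file_put_contents("$root/ok.gif",
    base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
foreach (['ok.gif', 'd:\\11.jpg', '../ok.gif', '/etc/hostname'] as $img) {
    $verdict = resolve_thumbnail_source($img, $root) ? 'served' : 'rejected';
    printf("%-14s %s\n", $img, $verdict);
}
```

Only ok.gif is served; the path from the example URI above is rejected by the drive-letter check before any file is touched.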
References
References:
- deV!Lz Clanportal Homepage (deV!Lz Clanportal)