RaakCms Multiple Input Validation Vulnerabilities
BID:39975
Info
| Bugtraq ID: | 39975 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 31 2010 12:00AM |
| Updated: | May 06 2010 09:12PM |
| Credit: | Pouya Daneshmand |
| Vulnerable: | RaakCms RaakCms 0 |
| Not Vulnerable: | |
Discussion
RaakCms is prone to multiple directory-traversal vulnerabilities and a remote file-include vulnerability because it fails to properly sanitize user-supplied input before using it to build file-system paths and include paths.
An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process, and to read or download arbitrary files outside the web server's document root. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Exploit / POC
Attackers can use a browser to exploit these issues; no authentication or special tooling is required.
The following example URIs are available (the `dir=./..` parameter on the two browse scripts is the directory-traversal vector; `[Folder]` is a placeholder):
http://www.example.com/webmaster/pic.aspx
http://www.example.com/User_Images/[Folder]/FILE.ASPX
http://www.example.com/browse.asp?dir=./..
http://www.example.com/browseFile.asp?dir=./..
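The two browse URIs above pass a caller-controlled `dir` value that is joined onto the web root without canonicalisation, so `./..` (or deeper `../..` chains, percent-encoded or not) climbs out of the document root. The following Python model is an added illustration of that flaw beside a hardened resolver; it is not RaakCms code (the product's pages are ASP/ASPX, per the URIs), and the `WEB_ROOT` path and the `vulnerable_resolve` / `safe_resolve` names are assumptions made for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed web root standing in for the directory that a browse-style
# script lists. The path is an assumption for this example, not RaakCms's.
WEB_ROOT = "/var/www/site"


def vulnerable_resolve(dir_param: str) -> str:
    """Model of the flawed behaviour: the decoded, user-controlled dir value
    is joined to the web root and normalised, but never checked against it.
    './..' climbs one level out; an absolute value replaces the root outright
    (posixpath.join discards the left side when the right side is absolute)."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, unquote(dir_param)))


def escapes_root(resolved: str) -> bool:
    """True when a normalised path is outside WEB_ROOT (prefix match on a
    path boundary, so '/var/www/site2' does not pass as inside '/var/www/site')."""
    return not (resolved == WEB_ROOT or resolved.startswith(WEB_ROOT + "/"))


def safe_resolve(dir_param: str) -> Optional[str]:
    """Hardened resolver: decode exactly once, strip a leading slash so an
    absolute value cannot replace the root, normalise, then verify the result
    is still under WEB_ROOT. Returns None to signal rejection.

    posixpath.normpath is used so the example is deterministic offline; in a
    real handler resolve with os.path.realpath as well, so symlinks inside
    the root cannot point the listing outside it."""
    decoded = unquote(dir_param)
    # A NUL byte can truncate the path in native code and, on IIS, a backslash
    # is a path separator that posixpath would treat as an ordinary character.
    if "\x00" in decoded or "\\" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if escapes_root(candidate):
        return None
    return candidate


if __name__ == "__main__":
    for probe in ("images/2010", "./..", "%2e%2e%2f%2e%2e", "/etc/passwd", "a\\..\\.."):
        print(f"{probe!r:22} vulnerable -> {vulnerable_resolve(probe)!r:28} safe -> {safe_resolve(probe)!r}")
```

The check is made after normalisation, on the resolved path rather than on the raw string, which is why `images/../2010` is still accepted (it stays under the root) while `./..` and the percent-encoded `../..` are refused. Note that `safe_resolve` decodes once, as the web server already does; decoding a second time inside the application is what turns a double-encoded `%252e%252e` into a live traversal.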
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
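With no vendor patch listed at publication, a practitioner is left with monitoring and compensating controls. The script below is an added example, not part of this advisory, that scans W3C-style web server log lines for `dir=` values on the two browse scripts named above that resolve to a `..` segment after percent-decoding (including double encoding). The log lines are constructed sample data and the `find_traversal_attempts` / `is_traversal` names are assumptions for the example.

```python
from typing import List, Tuple
from urllib.parse import parse_qsl, unquote

# Constructed W3C extended log lines in the field order IIS writes by default
# (date time c-ip cs-method cs-uri-stem cs-uri-query sc-status). Synthetic
# sample data for this example, not captured from a real host.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-02-01 10:14:03 198.51.100.7 GET /browse.asp dir=images 200
2010-02-01 10:14:09 198.51.100.7 GET /browse.asp dir=./.. 200
2010-02-01 10:14:15 198.51.100.7 GET /browseFile.asp dir=%2e%2e%2f%2e%2e 200
2010-02-01 10:14:21 203.0.113.4 GET /browseFile.asp dir=images/2010 200
2010-02-01 10:14:30 198.51.100.7 GET /browse.asp dir=%252e%252e 200
2010-02-01 10:14:41 203.0.113.4 GET /index.asp - 200
"""

# Listing endpoints from the advisory's example URIs (compared case-insensitively,
# since IIS paths are not case-sensitive).
TRAVERSAL_STEMS = {"/browse.asp", "/browsefile.asp"}


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly, bounded, so a double-encoded '..' is seen
    the way an application that decodes a second time would see it."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def is_traversal(value: str) -> bool:
    """True when any path segment of the decoded value is '..'. Backslashes
    are folded to '/' because IIS accepts either separator."""
    decoded = decode_fully(value).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))


def find_traversal_attempts(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (client_ip, uri_stem, decoded_dir_value, status) for each request
    to a browse script whose dir parameter contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 7:
            continue
        _date, _time, ip, _method, stem, query, status = parts[:7]
        if stem.lower() not in TRAVERSAL_STEMS:
            continue
        # parse_qsl decodes one layer; decode_fully inside is_traversal handles the rest.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "dir" and is_traversal(value):
                hits.append((ip, stem, decode_fully(value), status))
    return hits


if __name__ == "__main__":
    for ip, stem, dir_value, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ip} {stem} dir={dir_value!r} status={status}")
```

A `200` status on a flagged request is the signal that the listing succeeded rather than being rejected, which is what makes this useful for triage after the fact; for prevention, a request filter that refuses any `dir` value where `is_traversal` returns true is the same logic applied before the script runs.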
References
References: