Simple Posting System 'old' Parameter Directory Traversal Vulnerability
BID:52477
Info
Simple Posting System 'old' Parameter Directory Traversal Vulnerability
| Bugtraq ID: | 52477 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2012 12:00AM |
| Updated: | Mar 14 2012 12:00AM |
| Credit: | n0tch |
| Vulnerable: |
realize.be Simple Posting System 1.0 |
| Not Vulnerable: | |
Discussion
Simple Posting System 'old' Parameter Directory Traversal Vulnerability
Simple Posting System is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Simple Posting System is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Exploit / POC
Simple Posting System 'old' Parameter Directory Traversal Vulnerability
An attacker can exploit the issue through a browser
The following example URI is available:
http://www.example.com/sps.php?old=../../../../../../../../../../../../../../../../../etc/passwd%00
An attacker can exploit the issue through a browser
The following example URI is available:
http://www.example.com/sps.php?old=../../../../../../../../../../../../../../../../../etc/passwd%00
Solution / Fix
Simple Posting System 'old' Parameter Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Simple Posting System 'old' Parameter Directory Traversal Vulnerability
References:
References:
- Simple Posting System Homepage (realize.be)