DownloadProtect download.php file Variable Traversal Arbitrary File Access

2005-07-11T10:15:20
ID OSVDB:17806
Type osvdb
Reporter OSVDB
Modified 2005-07-11T10:15:20

Description

Vulnerability Description

DownloadProtect contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to download.php not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the download variable.
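The kind of check the description says is missing can be illustrated by canonicalizing the requested name and confirming that the result still lies inside the download directory. This is an added example, not DownloadProtect's code or the vendor's fix; resolve_download(), the directory layout and the sample files are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration, not DownloadProtect's code. resolve_download() and the
// directory layout below are hypothetical names chosen for this example.

/** Map a user-supplied file name to a path inside $root, or null if rejected. */
function resolve_download(string $requested, string $root): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($root);
    if ($base === false) {
        return null; // download root itself is missing
    }
    // realpath() collapses "../" segments and resolves symlinks;
    // it returns false when the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment: the canonical path must begin with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed sample tree: one file inside the download root, one outside it.
$top = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dp_demo_' . getmypid();
$root = $top . DIRECTORY_SEPARATOR . 'files';
mkdir($root, 0700, true);
file_put_contents($root . DIRECTORY_SEPARATOR . 'manual.pdf', 'constructed sample');
file_put_contents($top . DIRECTORY_SEPARATOR . 'secret.txt', 'outside the root');

// Constructed request values for the download variable.
$samples = ['manual.pdf', '../secret.txt', 'sub/../../secret.txt', "manual.pdf\0.txt"];
foreach ($samples as $name) {
    $path = resolve_download($name, $root);
    printf("%-24s => %s\n", addcslashes($name, "\0"), $path === null ? 'rejected' : 'served');
}

// Remove the constructed files again.
unlink($root . DIRECTORY_SEPARATOR . 'manual.pdf');
unlink($top . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($root);
rmdir($top);
```

Only the first sample resolves to a path; the other three are rejected because they either canonicalize outside the root, do not exist, or contain a NUL byte.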

Solution Description

Upgrade to version 1.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://php.reinsveien.com/DP/
Vendor Specific News/Changelog Entry: http://php.reinsveien.com/DP/changelog.txt
Secunia Advisory ID: 16003
CVE-2005-2248