Limbo CMS index2.php option Variable Traversal Arbitrary File Access

2005-12-14T15:03:21
ID OSVDB:21755
Type osvdb
Reporter rgod (retrogod@aliceposta.it)
Modified 2005-12-14T15:03:21

Description

Vulnerability Description

Limbo CMS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'index2.php' script not properly sanitizing user input: directory traversal sequences (../../) supplied via the 'option' variable are not stripped or rejected before the value is used as a path.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Limbo CMS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'index2.php' script not properly sanitizing user input: directory traversal sequences (../../) supplied via the 'option' variable are not stripped or rejected before the value is used as a path.

Manual Testing Notes

http://[target]/[path_to_limbo]/index2.php?option=frontpage/../../../../../../../../../../../script
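The following is an added example, not part of the OSVDB record or of Limbo CMS itself: a small log-review script that flags requests to index2.php whose 'option' value carries a traversal sequence (including percent- and double-percent-encoded forms), plus the allow-list check a patched index2.php should apply before using the value. The log lines, the component names in ALLOWED_OPTIONS and the helper names are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [14/Dec/2005:15:03:21 +0000] "GET /limbo/index2.php?option=frontpage HTTP/1.1" 200 5120
10.0.0.9 - - [14/Dec/2005:15:04:02 +0000] "GET /limbo/index2.php?option=frontpage/../../../../../../etc/passwd HTTP/1.1" 200 1024
10.0.0.9 - - [14/Dec/2005:15:04:10 +0000] "GET /limbo/index2.php?option=frontpage%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024
10.0.0.9 - - [14/Dec/2005:15:04:20 +0000] "GET /limbo/index2.php?option=%252e%252e%2F%252e%252e%2Fetc%2Fpasswd HTTP/1.1" 200 1024
10.0.0.7 - - [14/Dec/2005:15:05:00 +0000] "GET /limbo/index2.php?option=content&task=view HTTP/1.1" 200 3000
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Assumed component names; a real deployment would list its installed components.
ALLOWED_OPTIONS = {"frontpage", "content", "search"}

def normalize(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) cannot hide '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_safe_option(value):
    """Mitigation check: accept only a bare, allow-listed component name."""
    return value in ALLOWED_OPTIONS

def option_is_traversal(value):
    """Detection check: any '..' path element or absolute path after decoding."""
    norm = normalize(value)
    return ".." in norm.split("/") or norm.startswith("/")

def find_traversal_requests(log_text):
    """Return (client_ip, option_value) for each suspicious index2.php request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/index2.php"):
            continue
        for opt in parse_qs(url.query).get("option", []):  # parse_qs decodes once
            if option_is_traversal(opt):
                hits.append((line.split()[0], opt))
    return hits
```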

References:

Vendor URL: http://www.limbo-cms.com/
Security Tracker: 1015364
Secunia Advisory ID: 18063
Related OSVDB ID: 21753
Related OSVDB ID: 21754
Related OSVDB ID: 21756
Related OSVDB ID: 21757
Related OSVDB ID: 21758
Related OSVDB ID: 21759
Other Advisory URL: http://rgod.altervista.org/limbo1042_xpl.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0143.html
FrSIRT Advisory: ADV-2005-2932
CVE: CVE-2005-4319
Bugtraq ID: 15871