FarsiNews index.php archive Variable Traversal Arbitrary File Access

2006-02-10T07:52:00
ID OSVDB:23021
Type osvdb
Reporter Hamid Ebadi(admin@hamid.ir)
Modified 2006-02-10T07:52:00

Description

Vulnerability Description

FarsiNews contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the index.php not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'archive' variable. This may lead to an unauthorized password exposure. It is possible to gain access to plain text passwords, which may lead to a loss of confidentiality.

Solution Description

Upgrade to version 2.5.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

FarsiNews contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the index.php not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'archive' variable. This may lead to an unauthorized password exposure. It is possible to gain access to plain text passwords, which may lead to a loss of confidentiality.

Manual Testing Notes

http://[target]/index.php?archive=/../users.db.php%00 http://[target]/Farsi1/index.php?archive=/../[file-to-read]%00

References:

Vendor URL: http://www.farsinewsteam.com/ Vendor Specific News/Changelog Entry: http://forum.farsinewsteam.com/index.php?showtopic=71 Vendor Specific News/Changelog Entry: http://forum.farsinewsteam.com/index.php?showtopic=76 Secunia Advisory ID:18768 Related OSVDB ID: 23020 Related OSVDB ID: 23022 Other Advisory URL: http://www.hamid.ir/security/farsinews2-5.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0534.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0156.html ISS X-Force ID: 24602 FrSIRT Advisory: ADV-2006-0506 CVE-2006-0660 Bugtraq ID: 16580