ExplorerXP dir.php chemin Variable Traversal Arbitrary File Access

2006-03-29T04:17:41
ID OSVDB:24259
Type osvdb
Reporter Amine ABOUD aka Silitix(admin@silitix.com)
Modified 2006-03-29T04:17:41

Description

Vulnerability Description

ExplorerXP contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the dir.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'chemin' variable.
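The check that a script like dir.php needs before listing a user-chosen directory, as an added example that is not ExplorerXP's own code (the function name, the `files` base directory and the error handling are assumptions): the supplied path is canonicalised with `realpath()` and only accepted when it still sits inside the intended base, so a value such as `../../../` is rejected.

```php
<?php
// Added example, not code from ExplorerXP: confine a user-supplied
// directory parameter (here 'chemin') to one fixed base directory.
// $baseDir is assumed to be the directory the application may expose.

function resolveWithinBase(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // the base directory itself must exist
    }
    // Reject NUL bytes; they can truncate the path in filesystem calls.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() resolves '..' segments and symlinks against the real
    // filesystem, so the comparison below is made on the canonical path.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($resolved === false) {
        return null; // path does not exist
    }
    // Accept only the base directory itself or a path strictly below it.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($resolved !== $base
        && strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null; // escaped the base, e.g. chemin=../../../
    }
    return $resolved;
}

// Usage as a dir.php-style listing would apply it (assumed layout).
$chemin = isset($_GET['chemin']) ? (string) $_GET['chemin'] : '.';
$dir = resolveWithinBase(__DIR__ . '/files', $chemin);
if ($dir === null || !is_dir($dir)) {
    http_response_code(400);
    exit('Invalid directory');
}
foreach (scandir($dir) as $entry) {
    if ($entry === '.' || $entry === '..') {
        continue;
    }
    echo htmlspecialchars($entry, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

The prefix comparison must include the trailing separator; comparing against the bare base string would wrongly accept a sibling directory whose name merely starts with the base name.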

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ExplorerXP contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the dir.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'chemin' variable.

Manual Testing Notes

http://[target]/dir.php?chemin=../../../

References:

Vendor URL: http://www.phpscripts-fr.net/scripts/script.php?id=933
Security Tracker: 1015840
Secunia Advisory ID: 19460
Related OSVDB ID: 24260
Other Advisory URL: http://ns79.hosteur.com/~secuti/explorerxp.php
Other Advisory URL: https://www.securinfos.info/english/security-advisories-alerts/20060329_.ExplorerXP_Directory.Traversal.and.Cross.Site.Scripting.php
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1806.html
ISS X-Force ID: 25523
ISS X-Force ID: 25524
CVE-2006-1493
CVE-2006-1492