PAJAX pajax_call_dispatcher.php className Variable Traversal Arbitrary File Access

2006-04-14T06:32:36
ID OSVDB:24862
Type osvdb
Reporter RedTeam Pentesting
Modified 2006-04-14T06:32:36

Description

Vulnerability Description

PAJAX contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the pajax_call_dispatcher.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'className' variable.
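The flaw above has the classic shape of a path traversal bug: a request parameter that is meant to name a class is used to build a filesystem path, so "../" sequences walk out of the intended directory. The following is an added example, not PAJAX's code and not the fix shipped in 0.5.2. It assumes a hypothetical dispatcher that loads a file named after the `className` parameter from a fixed `classes/` directory, and shows the validation a defender would place in front of that include: a strict identifier allowlist, an explicit list of exposed classes, and a canonical-path containment check as defence in depth.

```php
<?php
// Added example (not part of the OSVDB record or of PAJAX).
// Assumption: callable classes live in classes/<ClassName>.php under this directory.
const CLASS_DIR = __DIR__ . '/classes';

// Assumption: the only classes the dispatcher is allowed to expose.
const EXPOSED_CLASSES = ['Calculator', 'UserProfile'];

/**
 * Syntactic allowlist: accept only something that can be a PHP class name.
 * This rejects "../", "/", "\\", NUL bytes and ".php"-suffix tricks outright,
 * without trying to blacklist individual traversal patterns.
 */
function isSafeClassName(string $className): bool
{
    return preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $className) === 1;
}

/**
 * Return the absolute path of the class file for $className, or null if the
 * name fails validation, is not an exposed class, or resolves outside CLASS_DIR.
 */
function resolveClassFile(string $className): ?string
{
    if (!isSafeClassName($className)) {
        return null;
    }
    // Semantic allowlist: only classes explicitly meant to be reachable.
    if (!in_array($className, EXPOSED_CLASSES, true)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm the result stays under CLASS_DIR.
    $base = realpath(CLASS_DIR);
    $path = realpath(CLASS_DIR . DIRECTORY_SEPARATOR . $className . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // escaped the class directory (symlink, odd mount, etc.)
    }
    return $path;
}

// Constructed sample inputs, including the traversal shape from the advisory.
$samples = [
    'Calculator',
    'UserProfile',
    '../../../../etc/passwd',
    "Calculator\0",
    'Calculator.php',
    'Secret_Internal',
];

foreach ($samples as $name) {
    $printable = str_replace("\0", '\0', $name);
    $verdict = isSafeClassName($name) ? 'syntax ok' : 'REJECTED by identifier check';
    if (isSafeClassName($name) && !in_array($name, EXPOSED_CLASSES, true)) {
        $verdict = 'REJECTED: not an exposed class';
    }
    printf("%-28s %s\n", $printable, $verdict);
}
```

Only `Calculator` and `UserProfile` pass both checks; the traversal string, the NUL-terminated name, the `.php` suffix and the unlisted class are all refused before any path is built. `resolveClassFile()` adds the `realpath` containment test for deployments where the class directory itself might contain symlinks, and returns `null` rather than throwing so the dispatcher can answer with a generic error instead of leaking which names exist.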

Solution Description

Upgrade to version 0.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.auberger.com/pajax/3/
Secunia Advisory ID: 19653
Related OSVDB ID: 24618
Other Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2006-001.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0270.html
FrSIRT Advisory: ADV-2006-1353
CVE: CVE-2006-1789
Bugtraq ID: 17519