Scry index.php p Variable Traversal Arbitrary File Access

2006-04-21T11:17:37
ID OSVDB:24889
Type osvdb
Reporter Simo64 Moroccan Security Team(simo64@gmail.com)
Modified 2006-04-21T11:17:37

Description

Vulnerability Description

Scry contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to index.php not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'p' variable.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Scry contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to index.php not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'p' variable.
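An added example (not Scry's own code, and not a vendor fix) of the containment check that closes the traversal described above. It assumes the 'p' variable names a page file under a fixed content directory; PAGE_DIR, the file layout and the `.php` suffix are assumptions for illustration.

```php
<?php
// Hypothetical page directory; Scry's real layout is not known from the advisory.
define('PAGE_DIR', __DIR__ . '/pages');

/**
 * Map the untrusted 'p' value to a file that is guaranteed to live under
 * PAGE_DIR. Returns null for anything that must be rejected.
 */
function resolve_page(string $p): ?string
{
    // Whitelist first: a page name is a bare identifier. This alone rejects
    // "../../.." (dots and slashes), NUL bytes and encoded separators.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $p)) {
        return null;
    }

    $base      = realpath(PAGE_DIR);
    $candidate = realpath(PAGE_DIR . '/' . $p . '.php');

    // realpath() returns false for a missing file. The prefix comparison is a
    // second, independent guard: even a symlink inside PAGE_DIR that points
    // elsewhere resolves to a path outside $base and is refused.
    if ($base === false || $candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Usage in the front controller: never build the include path from raw input.
$page = resolve_page((string) ($_GET['p'] ?? ''));
if ($page === null) {
    http_response_code(400);
    exit('Invalid page');
}
require $page;
```

Failed resolutions are also a useful detection signal: logging the rejected raw value of 'p' makes the `../../..` probe from the testing notes visible in application logs.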

Manual Testing Notes

http://[target]/scry/index.php?v=list&i=0&p=../../..

References:

Vendor URL: http://scry.org/
Secunia Advisory ID: 19777
Related OSVDB ID: 24890
Mail List Post: http://attrition.org/pipermail/vim/2006-April/000716.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0453.html
ISS X-Force ID: 25991
FrSIRT Advisory: ADV-2006-1490
CVE ID: CVE-2006-1995
Bugtraq ID: 17649