Fotopholder index.php path Variable Traversal Arbitrary File Access

2006-08-15T02:11:09
ID OSVDB:28243
Type osvdb
Reporter Vampire(Vampire_chiristof@yahoo.com)
Modified 2006-08-15T02:11:09

Description

Vulnerability Description

Fotopholder contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to index.php not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'path' variable.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Fotopholder contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to index.php not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'path' variable.

Manual Testing Notes

http://[target]/foto/index.php?path=../../etc/passwd http://[target]/foto/index.php?path=../../[directory listing]

References:

Vendor URL: http://www.jakeo.com/software/fotopholder/index.php Security Tracker: 1016702 Secunia Advisory ID:21648 Related OSVDB ID: 28242 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0316.html ISS X-Force ID: 28399 CVE-2006-4260