SunPS iRunbook Directory Traversal

2002-07-11T00:00:00
ID OSVDB:3410
Type osvdb
Reporter OSVDB
Modified 2002-07-11T00:00:00

Description

Vulnerability Description

SunPS iRunbook contains a flaw that allows a remote attacker to read arbitrary files outside of the web path. The issue is due to the "none.php" script not properly sanitizing user input, specifically traversal-style attacks (../../).
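The flaw described above is the generic "concatenate user input onto a document root" mistake. The following Python is an added illustration written for this record; it is not code from iRunbook or from the advisory. It models the script's handling as mapping ':' to the directory separator, which is an assumption inferred from the test strings in this record, and uses a hypothetical web root of /srv/www. It shows the vulnerable resolution beside a hardened one that resolves the path and then checks containment.

```python
import os


def normalise_request_path(raw):
    """Map the request parameter to a relative file path.

    Assumption (not confirmed by the advisory): the traversal strings it lists
    use ':' between path components, so the script is modelled as translating
    ':' into the OS directory separator.
    """
    return raw.replace(":", "/")


def resolve_unsafe(web_root, raw):
    """Vulnerable pattern: join user input onto the web root and normalise.

    os.path.join discards web_root when the second argument is absolute
    (the '?/etc/passwd' variant), and normpath follows '..' straight out of
    the root (the '..:..:..:etc:passwd' variant). Nothing checks the result.
    """
    return os.path.normpath(os.path.join(web_root, normalise_request_path(raw)))


def resolve_safe(web_root, raw):
    """Hardened pattern: resolve first, then verify containment before use."""
    rel = normalise_request_path(raw)
    if os.path.isabs(rel):
        raise ValueError("absolute paths are not accepted")
    base = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(base, rel))
    # commonpath rejects a sibling such as /srv/www2 that a plain
    # startswith() prefix test would wrongly accept.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("requested path escapes the web root")
    return candidate


def is_contained(web_root, raw):
    """True when resolve_safe accepts the request, False when it rejects it."""
    try:
        resolve_safe(web_root, raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    root = "/srv/www"  # hypothetical web root for the demonstration
    for req in ("content:base:page.txt", "..:..:..:..:..:etc:passwd", "/etc/passwd"):
        print(req, "->", resolve_unsafe(root, req), "| accepted:", is_contained(root, req))
```

The point of the hardened version is that the check runs on the fully resolved path (realpath, so symlinks are followed) rather than on the raw string; stripping "../" substrings from input is not a substitute, because the absolute-path variant in this record contains no dot-dot at all.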

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

SunPS iRunbook contains a flaw that allows a remote attacker to read arbitrary files outside of the web path. The issue is due to the "none.php" script not properly sanitizing user input, specifically traversal-style attacks (../../).

Manual Testing Notes

To view /etc/passwd file:
http://[victim]/content/base/build/explorer/none.php?..:..:..:..:..:etc:passwd:
http://[victim]/content/base/build/explorer/none.php?/etc/passwd

To view contents of /etc directory:
http://[victim]/content/base/build/explorer/none.php?..:..:..:..:..:..:etc:
http://[victim]/content/base/build/explorer/none.php?/etc/
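The request shapes listed in the testing notes are what a defender would look for in web server logs. The following Python is an added example, not part of this record, that scans constructed Common Log Format lines for requests to none.php whose query contains a dot-dot segment (in '/', '\' or the ':' form used here, after URL decoding) or an absolute path. The log lines and addresses are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Constructed sample access log lines (Common Log Format); not taken from any real server.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jul/2002:10:01:02 +0000] "GET /content/base/build/explorer/none.php?..:..:..:..:..:etc:passwd: HTTP/1.0" 200 1843
10.0.0.5 - - [11/Jul/2002:10:01:09 +0000] "GET /content/base/build/explorer/none.php?/etc/passwd HTTP/1.0" 200 1843
10.0.0.7 - - [11/Jul/2002:10:02:00 +0000] "GET /content/base/build/explorer/none.php?%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1843
10.0.0.9 - - [11/Jul/2002:10:03:00 +0000] "GET /content/base/build/explorer/none.php?runbooks:intro HTTP/1.0" 200 5120
10.0.0.9 - - [11/Jul/2002:10:03:05 +0000] "GET /index.html HTTP/1.0" 200 312
"""

# ip, identity, user, [timestamp], "method target protocol", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) (\d+|-)')

# A '..' component delimited by '/', '\' or ':' (the separator this record's test strings use).
DOT_DOT_RE = re.compile(r'(^|[/\\:])\.\.([/\\:]|$)')


def classify_query(query):
    """Return the reasons a query string looks like a traversal attempt (empty if none)."""
    # Decode twice so %252e%252e (double-encoded) is also caught.
    decoded = unquote(unquote(query))
    reasons = []
    if DOT_DOT_RE.search(decoded):
        reasons.append("dot-dot segment")
    if decoded.startswith(("/", "\\")):
        reasons.append("absolute path")
    return reasons


def find_traversal_requests(lines, script="/none.php"):
    """Scan log lines and return a record per suspicious request to the named script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        ip, timestamp, method, target, status, _size = m.groups()
        path, _, query = target.partition("?")
        if not path.endswith(script):
            continue
        reasons = classify_query(query)
        if reasons:
            hits.append({
                "ip": ip,
                "timestamp": timestamp,
                "method": method,
                "target": target,
                "status": int(status),
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG.splitlines()):
        print(hit["ip"], hit["status"], ", ".join(hit["reasons"]), hit["target"])
```

A 200 status on these requests is the signal that the file was actually served; the same request pattern with a 403 or 404 would still be worth noting as reconnaissance but is not evidence of disclosure.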

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-07/0107.html
Keyword: Directory Traversal
ISS X-Force ID: 9549
Generic Informational URL: http://www.sun.co.uk/consulting/sunpro/pdf/irunbook-4.pdf
CVE-2002-1034
CVE-2002-1033
Bugtraq ID: 5209