iFoto index.php dir Variable Traversal Arbitrary Photo Access

2007-07-25T17:22:08
ID OSVDB:38615
Type osvdb
Reporter Lostmon Lords (Lostmon@gmail.com)
Modified 2007-07-25T17:22:08

Description

Vulnerability Description

iFoto contains a flaw that allows a remote attacker to obtain directory listings and view arbitrary image files outside of the web root. The issue is due to the 'index.php' script not properly sanitizing user input: directory traversal sequences (../../) supplied via the 'dir' parameter are used as part of the filesystem path the script lists, so the parameter is not confined to the gallery directory.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

iFoto index.php dir Variable Traversal Arbitrary Photo Access

Manual Testing Notes

http://[victims]/ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc
http://[victims]/ifoto/?dir=../../../../../../etc
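Since no vendor fix is available, the check below shows what the missing control looks like, exercised with the two payloads above. This is an added example, not iFoto's code (iFoto is PHP; this is Python so it can be run as-is): the gallery root PHOTO_ROOT is an assumed path, the hostname gallery.example is constructed, and the benign album name is made up. The technique is the general one for any user-supplied subdirectory: join the value to a fixed root, normalise the result, and accept it only if it is still inside the root.

```python
"""Added example: containment check for a user-supplied gallery subdirectory,
exercised with the advisory's traversal payloads. Not iFoto's code; the
gallery root and request hostname are assumed/constructed values."""
import posixpath
from urllib.parse import parse_qs, urlparse

PHOTO_ROOT = "/var/www/ifoto/photos"   # assumed gallery root, not from the advisory


def resolve_dir(user_dir, root=PHOTO_ROOT):
    """Map the 'dir' value to an absolute path, or return None if it escapes root.

    The check is done on normalised strings so it runs without the directories
    existing. A deployment that follows symlinks should additionally compare
    os.path.realpath() results, since a symlink under root can point outside it.
    """
    if not user_dir:
        return root                      # no parameter: list the gallery root itself
    if "\x00" in user_dir:
        return None                      # a NUL byte would truncate the path in C-backed file APIs
    # posixpath.join discards root when user_dir is absolute ("/etc"), and
    # normpath collapses ".." segments; both cases then fail the prefix test.
    candidate = posixpath.normpath(posixpath.join(root, user_dir))
    # Compare against root + "/" so that a sibling such as ".../photos2"
    # is not accepted by a bare startswith(root).
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def check_request(url):
    """Extract the 'dir' query parameter (parse_qs percent-decodes it, so the
    %2F and literal-slash payloads are identical) and return
    (raw_value, resolved_path_or_None)."""
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    raw = params.get("dir", [""])[0]
    return raw, resolve_dir(raw)


def audit(urls):
    """Return {url: 'blocked' | resolved path} for a list of request URLs."""
    result = {}
    for url in urls:
        _, resolved = check_request(url)
        result[url] = resolved if resolved is not None else "blocked"
    return result


# Constructed requests: the advisory's two payloads against an example host,
# plus a benign album path, an absolute-path variant and an empty parameter.
SAMPLE_URLS = [
    "http://gallery.example/ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc",
    "http://gallery.example/ifoto/?dir=../../../../../../etc",
    "http://gallery.example/ifoto/?dir=2007/summer",
    "http://gallery.example/ifoto/?dir=/etc",
    "http://gallery.example/ifoto/?dir=",
]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE_URLS).items():
        print(f"{verdict:40}  {url}")
```

Both advisory payloads normalise to /etc and are rejected; the album path and the empty parameter resolve under the root. The trailing-slash comparison matters: without it a root of .../photos would accept .../photos2.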

References:

Vendor URL: http://ifoto.ireans.com/
Secunia Advisory ID: 26186
Other Advisory URL: http://lostmon.blogspot.com/2007/07/ifoto-traversal-folder-enumeration.html
CVE: CVE-2007-4092
Bugtraq ID: 25065