PowerPortal gallery Module Arbitrary Directory Browsing

2004-05-23T05:05:58
ID OSVDB:7275
Type osvdb
Reporter DarkBicho (darkbicho@gmail.com)
Modified 2004-05-23T05:05:58

Description

Vulnerability Description

PowerPortal contains a flaw that allows a remote attacker to browse directories outside of the web path. The issue is due to the gallery module not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the "files" variable.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/modules.php?name=gallery&files=/../../../
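
Since no patch is listed, one way to spot this request pattern in web server access logs is sketched below. This is an added example, not code from PowerPortal or the advisory; it assumes combined-format access logs, and the sample log lines, function names and the percent-decoding normalisation are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2004:10:00:01 +0000] "GET /modules.php?name=gallery&files=/../../../ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2004:10:00:05 +0000] "GET /modules.php?name=gallery&files=%2e%2e%2f%2e%2e%2f HTTP/1.1" 200 498',
    '198.51.100.8 - - [01/Jun/2004:10:02:11 +0000] "GET /modules.php?name=gallery&files=%252e%252e%255c HTTP/1.1" 200 300',
    '203.0.113.4 - - [01/Jun/2004:10:03:40 +0000] "GET /modules.php?name=gallery&files=holiday/2004 HTTP/1.1" 200 2048',
    '203.0.113.4 - - [01/Jun/2004:10:04:02 +0000] "GET /modules.php?name=news&files=../x HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    return '..' in re.split(r'[\\/]+', fully_decode(value))

def flag_gallery_traversal(lines):
    """Return log lines that hit the gallery module with a traversal in 'files'."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith('modules.php'):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes once
        if 'gallery' not in [v.lower() for v in params.get('name', [])]:
            continue
        if any(is_traversal(v) for v in params.get('files', [])):
            hits.append(line)
    return hits

if __name__ == '__main__':
    for hit in flag_gallery_traversal(SAMPLE_LOG):
        print(hit)
```

Matching on whole path segments rather than the substring ".." keeps legitimate names such as "a..b" from being flagged.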

References:

Secunia Advisory ID: 11960
Related OSVDB ID: 7277
Related OSVDB ID: 7276
Other Advisory URL: http://www.swp-zone.org/archivos/advisory-07.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0905.html
ISS X-Force ID: 16530