PowerPortal modules.php files Variable Path Disclosure

2004-05-23T05:05:58
ID OSVDB:7277
Type osvdb
Reporter DarkBicho (darkbicho@gmail.com)
Modified 2004-05-23T05:05:58

Description

Vulnerability Description

PowerPortal contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an invalid file is requested from the Gallery module. The request can be made directly to the resize.php script or by specifying the file via the "files" variable. The response discloses the physical path of the web server installation, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/power/modules.php?name=gallery&files=darkbicho

References:

Secunia Advisory ID: 11960
Related OSVDB ID: 7276
Related OSVDB ID: 7275
Other Advisory URL: http://www.swp-zone.org/archivos/advisory-07.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0905.html
ISS X-Force ID: 16529
CVE-2004-0662
Bugtraq ID: 10622