JAWS gadget Variable Arbitrary File Access

2004-07-05T00:00:00
ID OSVDB:7722
Type osvdb
Reporter Fernando Quintero(nando@gigax.org)
Modified 2004-07-05T00:00:00

Description

Vulnerability Description

JAWS contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically directory-traversal sequences (../../) supplied via the gadget variable.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, JAWS has released a patch to address this vulnerability.

Short Description

JAWS contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically directory-traversal sequences (../../) supplied via the gadget variable.

Manual Testing Notes

http://[victim]/jaws/index.php?gadget=../../../../../../../../../../etc/passwd%00&path=/etc
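The description and the testing note above show the two ingredients of the flaw: traversal sequences in the gadget value and a %00 (NUL) terminator that truncates the path PHP builds. The following is an added example, not JAWS code, of how a defender would validate that parameter and flag such requests in access logs; the gadget directory layout, the GADGET_DIR path and the log lines are constructed assumptions.

```python
import os
import re
from urllib.parse import parse_qs, urlsplit

# Assumed layout (not from the JAWS source): each gadget <name> is
# included from <GADGET_DIR>/<name>/<name>.php.
GADGET_DIR = "/var/www/jaws/gadgets"
SAFE_NAME = re.compile(r"^[A-Za-z0-9_]{1,64}$")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP')


def resolve_gadget(gadget, gadget_dir=GADGET_DIR):
    """Map a decoded gadget parameter to its include path, or None if rejected.

    Three layered checks address the record's failure mode:
    1. refuse NUL bytes, so a %00 suffix cannot truncate the built path;
    2. allow-list the name to [A-Za-z0-9_], which excludes '.', '/' and '\\';
    3. canonicalise the result and confirm it still lies under gadget_dir.
    """
    if "\x00" in gadget or not SAFE_NAME.match(gadget):
        return None
    base = os.path.realpath(gadget_dir)
    candidate = os.path.realpath(os.path.join(base, gadget, gadget + ".php"))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def suspicious_gadget_requests(log_lines):
    """Return indexes of access-log lines whose gadget value fails resolve_gadget."""
    hits = []
    for i, line in enumerate(log_lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes once, so %00 becomes a real NUL byte here.
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        if any(resolve_gadget(v) is None for v in params.get("gadget", [])):
            hits.append(i)
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
LOG_LINES = [
    '192.0.2.10 - - [05/Jul/2004:10:00:01 +0000] "GET /jaws/index.php?gadget=Blog HTTP/1.1" 200 5120',
    '192.0.2.11 - - [05/Jul/2004:10:00:02 +0000] "GET /jaws/index.php?gadget=../../../../../../../../../../etc/passwd%00&path=/etc HTTP/1.1" 200 1740',
    '192.0.2.12 - - [05/Jul/2004:10:00:03 +0000] "GET /jaws/index.php?gadget=..%2F..%2Fconfig HTTP/1.1" 404 300',
]

if __name__ == "__main__":
    print(suspicious_gadget_requests(LOG_LINES))
```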

References:

Vendor URL: http://www.jaws.com.mx/
Vendor Specific Solution URL: http://jaws.com.mx/files/index.php.txt
Security Tracker: 1010651
Related OSVDB ID: 7723
Related OSVDB ID: 7724
Related OSVDB ID: 7720
Related OSVDB ID: 7721
Other Advisory URL: http://www.securiteam.com/unixfocus/5KP0H0ADFU.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html
ISS X-Force ID: 16620
CVE-2004-2445
Bugtraq ID: 10670