{"id": "PACKETSTORM:33877", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "ew_file_manager.txt", "description": "", "published": "2004-07-26T00:00:00", "modified": "2004-07-26T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/33877/ew_file_manager.txt.html", "reporter": "Sullo", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:22:59", "viewCount": 13, "enchantments": {"score": {"value": -0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.5}, "_state": {"dependencies": 1678912101, "score": 1678911848, "epss": 1678921929}, "_internal": {"score_hash": "e20c45f9f1abd5bcc9867b9fa69bce55"}, "sourceHref": "https://packetstormsecurity.com/files/download/33877/ew_file_manager.txt", "sourceData": "`* CIRT-200404: EasyWeb (EW) FileManager Directory Traversal * \n \nRemote File Retrieval - 07/23/2004 \n \n*Product: * \nEasyWeb FileManager Module <http://home.postnuke.ru/> \n \n*Description:* \nEasyWeb FileManager Module for PostNuke is vulnerable to a directory \ntraversal problem which allows retrieval of arbitrary files from the \nremote system. \n \n*Systems Affected:* \nEasyWeb FileManager 1.0 RC-1 \n \n*Technical Description:* \nThe PostNuke module works by loading a directory and/or file via the \n\"pathext\" (directory) and \"view\" (file) variables. Providing a relative \npath (from the document repository) in the \"pathext\" variable will cause \nFileManager to provide a directory listing of that directory. Selecting a \nfile in that listing, or putting a file name in the \"view\" variable, \nwill cause EasyWeb to load the file specified. Only files and \ndirectories which can be read by the system user running PHP can be \nretrieved. 
\n \nThis URL will show the /etc directory (assuming PostNuke is installed at \nthe root level): \n \n* http://[victim]/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc \n \n \nThis URL will show the /etc/passwd file (assuming PostNuke is installed \nat the root level): \n \n* http://[victim]/index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd \n \n \n*Fix/Workaround:* \nUse another file manager module for PostNuke, as the authors do not \nappear to be maintaining FileManager. \n \n*Vendor Status:* \nVendor was contacted but did not respond. \n \n*Contacts:* \nsullo@cirt.net <mailto:sullo@cirt.net> \n \n*References:* \nUpdated information can be found on OSVDB.org <http://www.osvdb.org/> \nunder the following entries: \nOSVDB-8193 <http://www.osvdb.org/8193> EasyWeb FileManager Directory \nTraversal \n`\n"}