Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

STG Security Advisory 2004-11-22.10

๐Ÿ—“๏ธย 11 Dec 2004ย 00:00:00Reported byย STG SecurityTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 21ย Views

KorWeblog has a directory traversal vulnerability allowing unauthorized file access.

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal  
vulnerability  
  
Revision 1.3  
Date Published: 2004-11-22 (KST)  
Last Update: 2004-11-22  
Disclosed by SSR Team ([email protected])  
  
Summary  
========  
KorWeblog is a weblog application used by many Korean Linux users.  
  
It has a directory traversal vulnerability that malicious attackers can get  
file lists of arbitrary directories.  
  
Vendor URL  
==========  
http://weblog.kldp.org  
  
Vulnerability Class  
===================  
Implementation Error: Input validation flaw  
  
Details  
=======  
KorWeblog has a function to insert image icons when users post replies. This  
function is implemented in viewimg.php.  
It doesn't check user input correctly, so malicious attackers can modify  
$path variable and can get file lists of a target directory.  
  
http://[victim]/viewimg.php?path=images.d/face/../../../../../../../&form=Co  
m&var=faceicon  
  
Impact  
======  
Medium: Information disclosure  
  
Workaround  
==========  
please download and apply viewimg.diff from  
http://kldp.net/tracker/index.php?func=detail&aid=300515&group_id=13&atid=30  
0013  
  
- --- viewimg-org.php 2004-09-21 13:08:15.000000000 +0900  
+++ viewimg.php 2004-09-21 13:08:44.000000000 +0900  
@@ -63,13 +63,13 @@  
<TABLE BORDER="0" CELLSPACING="3" CELLPADDING="5" ALIGN="CENTER">  
<TR>  
<?  
- -$img_file = KWL_GetFileName("$CONF[G_PATH]/$path");  
+$img_file = KWL_GetFileName("$CONF[G_PATH]/images.d/face");  
$x = 0;  
if (is_array($img_file)) {  
foreach($img_file as $img) {  
if (isset($fix)) $tmp = "$path/$img";  
else $tmp = $img;  
- - echo "<TD ALIGN=CENTER><A HREF=\"javascript:pick('$tmp')\"><IMG  
SRC=\"$CONF[G_URL]/$path/$img\" BORDER=\"0\" VSPACE=\"5\" HSPACE=\"5\"  
ALT=\"$img\"></A>\n";  
+ echo "<TD ALIGN=CENTER><A HREF=\"javascript:pick('$tmp')\"><IMG  
SRC=\"$CONF[G_URL]/images.d/face/$img\" BORDER=\"0\" VSPACE=\"5\"  
HSPACE=\"5\" ALT=\"$img\"></A>\n";  
$x++;  
if ($x==7 || isset($br)) { echo "</TR><TR>\n"; $x=0; }  
}  
  
  
Affected Products  
================  
KorWeblog 1.6.2-cvs and prior  
  
Vendor Status: NOT FIXED  
=======================  
2004-09-20 Vulnerability found.  
2004-09-21 KorWeblog developer notified but didn't reply.  
2004-09-21 Jeremy Bae made and submitted a patch.  
2004-11-22 Official release.  
  
Credits  
======  
Jeremy Bae at STG Security  
  
-----BEGIN PGP SIGNATURE-----  
Version: PGP 8.0  
  
iQA/AwUBQaP3/j9dVHd/hpsuEQLdiQCghTLqIwBh6ckXCaey1HhN+E+U3BsAnjXk  
Vo/EGxQDaN//HosfSJm640zX  
=sTJy  
-----END PGP SIGNATURE-----  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Dec 2004 00:00Current
0.4Low risk
Vulners AI Score0.4
directory traversal vulnerabilityunauthorized file accesskorean linux usersinput validation flawinformation disclosure
21
.json
Report