EV0078.txt

`New eVuln Advisory:  
Quirex Arbitrary File Disclosure Vulnerability  
http://evuln.com/vulns/78/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0078  
CVE: CVE-2006-0795  
Software: Quirex  
Sowtware's Web Site: http://www.teca-scripts.com/  
Versions: 2.0.2 2.0 and earlier  
Critical Level: Dangerous  
Type: Arbitrary File Disclosure  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable Script: convert.cgi  
  
Variable $quiz_head $quiz_foot $template are not properly sanitized. This can be used to read arbitrary files.  
  
System access is possible.  
  
  
--------------Exploit----------------------  
Available at: http://evuln.com/vulns/78/exploit.html  
  
File Disclosure Example  
  
Url: http://host/cgi-bin/quirex/convert.cgi  
  
Path to quiz_head.txt: [arbitrary file]  
Path to quiz_foot.txt: [arbitrary file]  
Output file: [output file]  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
`