Local file view in Etomite

2010-12-06T00:00:00
ID SECURITYVULNS:DOC:25237
Type securityvulns
Reporter Securityvulns
Modified 2010-12-06T00:00:00

Description

Vulnerability ID: HTB22712 Reference: http://www.htbridge.ch/advisory/local_file_view_in_etomite.html Product: Etomite Vendor: http://www.etomite.org/ ( http://www.etomite.org/ ) Vulnerable Version: 1.1 Vendor Notification: 18 November 2010 Vulnerability Type: Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)

Vulnerability Details: The vulnerability exists due to failure in the "/manager/actions/static/document_data.static.action.php" script to properly sanitize user-supplied input in "id" variable. A remote user can view any local file.

http://etomite/manager/actions/static/document_data.static.action.php?id=/../../../../includes/config.inc.php%00