[Full-disclosure] [Tyr 2] Article Friendly File Inclusion
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [Tyr 2] Article Friendly File Inclusion
- From: Ch3Kan <ch3kan@xxxxxxxxx>
- Date: Sun, 11 Apr 2010 23:14:44 +0200
--
Akademik
Advisory 2
- Article Friendly File Inclusion -
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Software Description------------------------------------------------>1
Affected Version---------------------------------------------------->2
Impact-------------------------------------------------------------->3
Vulnerability------------------------------------------------------->4
Solution------------------------------------------------------------>5
Timeline------------------------------------------------------------>6
Credits------------------------------------------------------------->7
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1) Software Description
"Article Friendly Pro is our top rated, feature packed and inexpensive
article publishing script."
http://www.articlefriendly.com/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) Affected Version
* Article Friendly 4.9
* Article Friendly Pro 5.1.2
Represents tested version.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3) Impact
Information Disclosure
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4) Vulnerability
A lack of, or an error in, input sanitisation can be exploited by
unauthenticated users to view sensitive information.
The "filename" parameter in "admin/index.php" is not sanitised and is
used to include local files. Attackers can use this to view
system information which can be used to carry out additional attacks.
Example:
http://localhost/admin/index.php?filename=../../../../../etc/passwd%00
"magic_quotes_gpc" must be disabled in order to exploit.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5) Solution
Enable "magic_quotes_gpc".
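
A code-level check that does not depend on the "magic_quotes_gpc" setting (deprecated in PHP 5.3 and removed in PHP 5.4), as an added example that is not part of the original advisory and is not the vendor's code. PAGE_DIR, resolve_page() and the ".php" page layout are hypothetical names and assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical hardened handling of a "filename" request
// parameter. PAGE_DIR and resolve_page() are illustrative names, not taken
// from Article Friendly.
const PAGE_DIR = __DIR__ . '/pages';   // assumed directory of includable files

/** Return the absolute path of an includable page, or null to reject. */
function resolve_page($name, string $baseDir = PAGE_DIR): ?string
{
    // Arrays (?filename[]=x), empty values and NUL bytes are never valid.
    if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // Accept a bare name only: the client supplies no slash, dot or extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;   // base directory missing or page does not exist
    }
    // Defence in depth: after symlink resolution the file must sit under base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// In a request handler (sketch):
//   $page = resolve_page($_GET['filename'] ?? null);
//   if ($page === null) { http_response_code(400); exit; }
//   include $page;

// Command-line demonstration with constructed inputs and a temporary page dir.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/af_pages_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . '/settings.php', "<?php // constructed page\n");
    $samples = ['settings', "../../../../../etc/passwd\0", '..%2f..%2fetc', 'missing', ['x']];
    foreach ($samples as $s) {
        $shown = is_string($s) ? addcslashes($s, "\0") : gettype($s);
        printf("%-36s => %s\n", $shown, resolve_page($s, $dir) ?? 'rejected');
    }
    unlink($dir . '/settings.php');
    rmdir($dir);
}
```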
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
6) Timeline
2010/02/20 - Discovered.
2010/02/24 - Vendor notification.
2010/03/01 - Vendor response.
2010/04/11 - Public disclosure.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
7) Credits
Akademik
http://www.indonesiancoder.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/