Home / os / solaris

ifoto-traversal.txt

Posted on 26 July 2007

################################################# ifoto traversal folder enumeration Vendor url:http://ifoto.ireans.com/ Advisore:http://lostmon.blogspot.com/2007/07/ ifoto-traversal-folder-enumeration.html vendor notify:no exploit include:yes ################################################# ifoto contains a flaw that allows a remote traversal arbitrary folder enumeration.This flaw exists because the application does not validate 'dir' variable upon submission to 'index.php' scripts.This could allow a remote users to create a specially crafted URL that would execute '../' directory traversal characters to view folder structure on the target system with the privileges of the target web service. ################ versions ################ ifoto 1.0 ################ Solution: ################ No solution was available at this time !!! ################ TimeLine ################ Discovered: 18-07-2007 vendor notify:--- vendor response:--- disclosure:25-07-2007 ##################### Examples ##################### http://[victims]/ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc http://[victims]/ifoto/?dir=../../../../../../etc http://[victims]/ifoto/index.php?dir=../../../../../../ #################

 

TOP