List: bugtraq
Subject: ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary
From: ZetaLabs <zetalabs () zone-h ! org>
Date: 2004-01-28 10:15:40
Message-ID: 20040128101540.1781.qmail () www ! securityfocus ! com
ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving
Published: 28 January 2004
Released: 28 January 2004
Name: Web Blog
Affected Systems: 1.1
Issue: Remote file retrieving
Author: Zone-h Security Labs
Vendor: http://leifwright.com
Description
***********
Zone-h Security Team has discovered a flaw in Web Blog 1.1. There is a vulnerability
in the current version of Web Blog that allows an attacker to retrieve arbitrary
files from the webserver with the web server's privileges. Web Blog is an application
to manage blogs.
Details
*******
It's possible for a remote attacker to retrieve any file from a webserver.
For example, try this:
http://address/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=/../../../../../../../../../../../../../../../../etc/passwd
Solution:
*********
The vendor has been contacted and a new version was released.
Zone-h Security Labs - zetalabs@zone-h.org
http://www.zone-h.org/en/advisories/read/id=3822/
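
Added example, not part of the original advisory and not Zone-h's or the vendor's code: a log check for requests of the form shown under Details, flagging ViewFile requests whose file parameter resolves outside the blog directory. It goes beyond the literal URL above by also normalising percent-encoded input; the log format, the /cgi-bin/ path, the /blogroot base and the sample lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2004:10:01:02 +0000] "GET /cgi-bin/blog.cgi?submit=ViewFile&month=01&year=2004&file=entry12.txt HTTP/1.0" 200 812',
    '192.0.2.44 - - [28/Jan/2004:10:03:17 +0000] "GET /cgi-bin/blog.cgi?submit=ViewFile&month=01&year=2004&file=/../../../../etc/passwd HTTP/1.0" 200 1290',
    '192.0.2.44 - - [28/Jan/2004:10:03:40 +0000] "GET /cgi-bin/blog.cgi?submit=ViewFile&month=01&year=2004&file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1290',
    '192.0.2.44 - - [28/Jan/2004:10:04:05 +0000] "GET /cgi-bin/blog.cgi?submit=ViewFile&month=01&year=2004&file=%252e%252e%252fetc%252fpasswd HTTP/1.0" 404 0',
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
BASE = "/blogroot"  # hypothetical stand-in for the blog's data directory

def fully_decode(value, rounds=4):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def escapes_base(file_value):
    """True if the value, appended to BASE, resolves outside BASE."""
    if "\x00" in file_value:
        return True
    resolved = posixpath.normpath(BASE + "/" + file_value)
    return not (resolved + "/").startswith(BASE + "/")

def find_traversal(lines):
    """Return (client, decoded file value) for suspicious ViewFile requests."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query)  # parse_qs performs the first decode
        if not url.path.endswith("blog.cgi") or params.get("submit") != ["ViewFile"]:
            continue
        for raw in params.get("file", []):
            value = fully_decode(raw)
            if escapes_base(value):
                hits.append((client, value))
    return hits
```

The same `escapes_base` test, applied to the resolved path before the file is opened, is the server-side form of this check.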