[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard
From:       ZetaLabs <zetalabs () zone-h ! org>
Date:       2004-01-29 10:40:43
Message-ID: 20040129104043.9815.qmail () www ! securityfocus ! com
[Download RAW message or body]



ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary \
file retrieving

Published: 29 january 2004

Released: 29 january 2004

Name: PJ CGI Neo review (NeoBoard review)

Affected Systems: Current version

Issue: Remote file retrieving

Author: Zone-h Security Labs

Vendor: http://www.livepj.com


Description

***********

Zone-h Security Team has discovered a flaw in PJ CGI Neo review (NeoBoard review). \
There is a vulnerability in the current version of NeoBoard that allows an attacker \
to retrieve arbitrary files from the webserver with its priviledges.



Details

******* 


It's possibile for a remote attacker to retrieve any file from a webserver. 

For example try this:

http://address/directory/PJreview_Neo.cgi?p=/../../../../../../../../../../../../../../../../etc/passwd





Solution:

*********

The vendor has not been contacted because his site is unreachable.


http://www.zone-h.org/advisories/read/id=3824


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic