Written by PLATEN
Monday, 23 February 2009 20:52
Blue Utopia 'index.php' Local File Include Vulnerability
-\\Bugtraq ID: 33851
-\\Class: Input Validation Error
-\\CVE:
-\\Remote: Yes
-\\Local: No
-\\Published: Feb 22 2009 12:00AM
-\\Updated: Feb 23 2009 04:37PM
-\\Credit: PLATEN
-\\Vulnerable: Blue Utopia Blue Utopia 0
-\\Discussion: Blue Utopia is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.
-\\Exploit(s)/PoC(s): Attackers can exploit this issue via a browser.
The following example URI is available:
http://www.example.com/index.php?page=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
-\\Solution: Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us.
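With no vendor patch available, reviewing web server logs for this request pattern is one compensating check. The following is an added example, not part of the original advisory or of Blue Utopia's code: it scans access-log lines for index.php requests whose page parameter decodes to a traversal sequence, a null byte or an absolute path. The combined log format and all sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_page_param(raw_value):
    """Return the reasons a `page` value looks like an include-path probe."""
    value = fully_decode(raw_value).replace("\\", "/")
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    # Any path segment equal to ".." climbs out of the include directory.
    if ".." in value.replace("\x00", "").split("/"):
        reasons.append("traversal")
    if value.startswith("/"):
        reasons.append("absolute-path")
    return reasons

def scan(log_lines):
    """Return (line_number, reasons) for index.php requests with a suspicious `page`."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.endswith("/index.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("page", []):
            reasons = classify_page_param(raw)
            if reasons:
                hits.append((number, reasons))
    return hits

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Feb/2009:20:52:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Feb/2009:20:53:11 +0000] "GET /index.php?page=../../../../etc/passwd%00 HTTP/1.1" 200 1834',
    '192.0.2.44 - - [23/Feb/2009:20:53:15 +0000] "GET /index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1834',
    '192.0.2.71 - - [23/Feb/2009:20:54:02 +0000] "GET /about.php?page=../x HTTP/1.1" 404 210',
]
```

Calling scan(SAMPLE_LOG) flags the second and third entries; the fourth is skipped because it does not target index.php.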
-\\Reference(s): Blue Utopia Homepage http://blueutopia.com (Blue Utopia)