Written by Room-Hacker
Monday, 02 March 2009 22:44
ClearBudget Invalid '.htaccess' Unauthorized Access Vulnerability
-\\Bugtraq ID: 33643
-\\Class: Design Error
-\\CVE:
-\\Remote: Yes
-\\Local: No
-\\Published: Feb 05 2009 12:00AM
-\\Updated: Mar 02 2009 08:16PM
-\\Credit: Room-Hacker
-\\Vulnerable: ClearBudget ClearBudget 0.6.1
-\\Not Vulnerable: ClearBudget ClearBudget 0.7.1
-\\Discussion: ClearBudget is prone to an unauthorized-access vulnerability because it fails to properly restrict access to certain directories.
An attacker can exploit this vulnerability to gain access to database contents. Information harvested can lead to further attacks.
ClearBudget 0.6.1 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s): Attackers may exploit this issue via a browser.
The following example URI is available:
http://www.example.com/db/budget.slite
-\\Solution: The vendor released an update to address this issue. Please see the references for more information.
-\\Reference(s): ClearBudget Homepage http://clearbudget.douteaud.com (ClearBudget)
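
For administrators checking their own installation, the following is an added example (not part of the advisory and not ClearBudget code): a static audit that lists database files under a web root that no well-formed deny-all .htaccess rule covers. It assumes Apache with .htaccess overrides enabled; the extension list and the demo tree are constructed, and the advisory does not say what makes the shipped .htaccess invalid.

```python
import os, re, tempfile

# Assumption: extensions treated as database files (".slite" is from the advisory's URI).
DB_EXTENSIONS = {".slite", ".sqlite", ".sqlite3", ".db"}
# Unconditional deny in Apache 2.2 ("Deny from all") or 2.4 ("Require all denied") syntax.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def htaccess_denies(directory):
    """True if this directory's .htaccess holds a well-formed deny-all line."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:  # a missing or unreadable file protects nothing
        return False

def protected(directory, docroot):
    """Look for a denying .htaccess from `directory` up to `docroot`."""
    directory, docroot = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        if htaccess_denies(directory):
            return True
        parent = os.path.dirname(directory)
        if directory == docroot or parent == directory:
            return False
        directory = parent

def exposed_databases(docroot):
    """Docroot-relative paths of database files with no deny rule above them."""
    found = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in DB_EXTENSIONS and not protected(dirpath, docroot):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                found.append(rel.replace(os.sep, "/"))
    return sorted(found)

def demo():
    """Constructed tree: db/ has only a commented-out rule, private/ a valid one."""
    with tempfile.TemporaryDirectory() as root:
        for sub, rule in (("db", "# Deny from all\n"), ("private", "Require all denied\n")):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, ".htaccess"), "w") as fh:
                fh.write(rule)
            open(os.path.join(root, sub, "budget.slite"), "wb").close()
        return exposed_databases(root)

if __name__ == "__main__":
    print(demo())
```

The check is a heuristic on file contents only: it cannot tell whether the server honors .htaccess files at all, so keeping the database outside the web root remains the more robust fix.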