Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-15929

CGI Generic Path Traversal (write test)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Invalid
    • Icon: Major Major
    • None
    • 3.2.5
    • Extensions

       
      Can I get some help with this? How can I solve this issue?

       
      CGI Generic Path Traversal (write test)
      Synopsis:
       
      Arbitrary files may be modified on the remote host.
      Impact:
       
      The remote web server hosts CGI scripts that fail to adequately sanitize request strings and are affected by directory traversal or local file inclusion vulnerabilities. By leveraging this issue, an attacker may be able to modify arbitrary files on the web server or execute commands. See also : https://en.wikipedia.org/wiki/Directory_traversal http://cwe.mitre.org/data/definitions/22.html http://projects.webappsec.org/w/page/13246952/Path%20Traversal http://projects.webappsec.org/w/page/13246949/Null%20Byte%20Injection http://www.nessus.org/u?70f7aa09
       
      Resolution:
       
      Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.
      Data Received:
       
      Using the POST HTTP method, SecurityMetrics found that : + The following resources may be vulnerable to directory traversal (write access) : + The 'sk' parameter of the /phpbb/app.php/gallery/album/8/page/12 CGI : /phpbb/app.php/gallery/album/8/page/12 [sd=d&sk=t../../../../../../../.. /../../windows/system32/config/sam] -------- output -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_sessi ons" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] -------- vs -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_cache " width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] ------------------------ /phpbb/app.php/gallery/album/8/page/12 [sd=d&sk=t../../../../../../../.. /../../windows/system32/config/sam] {2} -------- output -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_searc h" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] -------- vs -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_sessi ons" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] ------------------------ + The 'sk' parameter of the /phpbb/app.php/gallery/album/8/page/3 CGI : /phpbb/app.php/gallery/album/8/page/3 [sd=d&sk=t../../../../../../../../ ../../tmp] -------- output -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_cache " width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] -------- vs -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_sessi ons" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] ------------------------

            Unassigned Unassigned
            rapidrepair rapidrepair [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: