PLESK Filemanager.PHP Directory Traversal Vulnerability

English | Vietnamese

Rules

Main Forum

Portal

Member Listing

Statistics

Search

Reading Room
[Register]

Login [ | https ]

Forum Index

Thông tin new bugs và exploits

PLESK Filemanager.PHP Directory Traversal Vulnerability

[Announcement] PLESK Filemanager.PHP Directory Traversal Vulnerability	25/09/2006 03:38:26 (+0700) \| #1 \| 25536

Quan Vân Trường
HVA Friend

Joined: 19/07/2002 10:13:30
Messages: 115
Location: 9:00PM-6:00AM
Offline

Vulnerable version: Plesk Plesk Reload 7.5, Plesk Plesk for Windows 7.6

Description:
PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Versions 7.5 Reload and prior, and 7.6 for windows are vulnerable to this issue; other versions may also be affected.

Exploit:
Attackers may exploit this vulnerability via a web client.
An example URI has been provided:

https://www.example.com:8443/filemanager/filemanager.php?cmd=chdir&file=../

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com.
Reportedly, the vendor has released fixes to address this issue. Symantec has not confirmed this.

Nguồn: SecurityFocus http://www.securityfocus.com/bid/20155) :wink: :wink:

Kernel Panic.