by r0t,der4444,cembo,VietMafia

Tuesday, November 29, 2005

phpWTF Full Path Disclosure vuln.

Vuln. discovered by: r0t
Date: 29 nov. 2005
Vendor: http://retran.com/phpWTF/
Affected version: v0.2.3 and prior

Product Description:
The phpWTF project: when you don't know what others may not know. phpWTF provides a clean interface for a moderated question and answer forum. The HTML interface is customizable, and with fully W3C-compliant output, stylesheets can be used without a problem to customize the look & feel.

Vuln. description:
Input passed to the "show" parameter isn't properly sanitised before being used in a SQL query, which may be exploited by attackers to determine the installation path and maybe more :)

example:
/?show=../

Solution:
Edit the source code to ensure that input is properly sanitised.
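The pattern the advisory describes, as an added illustration that is not phpWTF's own code: a hypothetical page handler that reads the "show" parameter, with the unsanitised version beside a hardened one. The PDO connection, the `questions` table and its column names are assumptions.

```php
<?php
// Added illustration (not phpWTF's own code). Assumes a PDO connection
// and a hypothetical "questions" table with id/title/body columns.
// The vulnerable handler interpolates the raw parameter into SQL and lets
// PHP print the resulting warning or exception, whose message carries the
// absolute script path. The hardened one validates, binds, and never
// echoes internal error detail to the client.

function show_vulnerable(PDO $db): void {
    $show = $_GET['show'] ?? '';
    // Raw value concatenated into the query: a value such as "../" breaks
    // the statement, and with display_errors=On the PDOException (or the
    // "foreach() argument" warning in silent mode) is sent to the browser,
    // file path and line number included.
    $sql = "SELECT title, body FROM questions WHERE id = $show";
    foreach ($db->query($sql) as $row) {
        echo htmlspecialchars($row['title']), "\n";
    }
}

function show_hardened(PDO $db): void {
    // 1. Accept only what the parameter is supposed to carry: a positive id.
    $show = filter_input(INPUT_GET, 'show', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($show === false || $show === null) {
        http_response_code(400);
        echo 'Invalid request';
        return;
    }
    // 2. Bind the value; it can no longer change the structure of the SQL.
    $stmt = $db->prepare('SELECT title, body FROM questions WHERE id = :id');
    try {
        $stmt->execute([':id' => $show]);
        foreach ($stmt as $row) {
            echo htmlspecialchars($row['title']), "\n";
        }
    } catch (PDOException $e) {
        // 3. Keep the detail server-side; the client learns neither the
        //    installation path nor the query text.
        error_log('questions lookup failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Internal error';
    }
}

// Deployment-side setting that belongs next to the code fix, so that any
// error PHP still reports does not carry the path into the response:
// php.ini: display_errors = Off, log_errors = On
```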

Copyright (c) 2006 Pridels Sec Crew