Bugtraq mailing list archives
Miniweb 2.0 Full Path Disclosure
From: Salvatore Fresta aka Drosophila <drosophilaxxx () gmail com>
Date: Sat, 12 Dec 2009 04:01:11 +0100
Miniweb 2.0 Full Path Disclosure Name Miniweb 2.0 Vendor http://www.miniweb2.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date 2009-12-12 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V. FIX I. ABOUT THE APPLICATION Miniweb 2.0 is designed for those who want to transform a brochure site into a dynamic Web 2.0 site that attracts tons of traffic and sales. II. DESCRIPTION Preamble: I don't consider this argument a real security flaw but it may be useful in some cases. The value of the module parameter passed to index.php page is included using the PHP main function. This may be a principle of local file inclusion vulnerability but in this case the final NULL byte is properly sanitised. However an invalid module name produces a warning message with the full path of the interested page. III. ANALYSIS Summary: A) Full Path Disclosure A) Full Path Disclosure In order to "exploit" this vulnerability, you don't require anything. IV. SAMPLE CODE http://site/path/index.php?module=foo%00 V. FIX Use @main() instead of main().
Current thread:
- Miniweb 2.0 Full Path Disclosure Salvatore Fresta aka Drosophila (Dec 14)