Full Disclosure mailing list archives
Fa Name version 1.0 Path Disclosure Vulnerability
From: securityresearch <securityresearch () netvigilance com>
Date: Mon, 30 Jun 2008 16:33:59 -0400
netVigilance Security Advisory #41 Fa Name version 1.0 Path Disclosure Vulnerability Description: Fa Name (http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html) is useful portal (CMS) for .name websites. You can have a simple portal but useful one for you domain names and by using this portal you can show your complete information like photo, identification, projects and history to the others. Successful exploitation requires PHP magic_quotes_gpc set to Off in php.ini file on the server. (Default for magic_quotes_gpc is On) External References: Mitre CVE: CVE-2007-3651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3651 NVD NIST: CVE-2007-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3651 OSVDB: Summary: Fa Name is useful portal (CMS) for .name websites. Security problems in the product allow attackers to gather the true path of the server-side script. Advisory URL: http://www.netvigilance.com/advisory0041 Release Date: June 30th 2008 CVSS Version 2 Metrics: Base Metrics: Exploitability Metrics: Access Vector: Network Access Complexity: Medium Authentication: None Impact Metrics: Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None Temporal Metrics: Exploitability: Functional Remediation Level: Workaround Report Confidence: Uncorroborated CVSS Version 2 Vectors: Base Vector: “AV:N/AC:M/Au:N/C:P/I:N/A:N” Temporal Vector: “E:F/RL:W/RC:UR” CVSS Version 2 Scores: Base Score: 4.3 Impact Subscore: 2.9 Exploitability Subscore: 8.6 Temporal Score: 3.7 SecureScout Testcase ID: TC 17971 Vulnerable Systems: Fa Name version 1.0 Vulnerability Type: Program flaws – The product scripts have flaws which lead to Warnings or even Fatal Errors. Vendor: FaScript Vendor Status: The Vendor has been notified Workaround: Disable warning messages: modify in the php.ini file following line: display_errors = Off or/and in the php.ini file set magic_quotes_gpc = On. Example: Path Disclosure Vulnerability REQUEST: http://[TARGET]/[FANAME-DIRECTORY]/class/page.php?id='; REPLY: ...<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>[SERVER PATH][FANAME-DIRECTORY]\class\page.php</b> on line <b>6</b><br />... Credits: Jesper Jurcenoks Co-founder netVigilance, Inc www.netvigilance.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fa Name version 1.0 Path Disclosure Vulnerability securityresearch (Jun 30)