Farsinews 2.1/2.5 - 'show_archives.php?template' Traversal Arbitrary File Access

EDB-ID:

27183


Platform:

PHP

Published:

2006-02-10

source: http://www.securityfocus.com/bid/16580/info

FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit the directory-traversal vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process.

The local file-include vulnerability lets the attacker include arbitrary local files. The impact of this issue depends on the content of the files included. If an attacker can place a malicious script on the vulnerable computer (either through legitimate means or through other latent vulnerabilities), then the attacker may be able to execute arbitrary code in the context of the webserver process. The attacker may also be able to use existing scripts to perform some malicious activity.

http://www.example.com/show_archives.php?template=/../../[local-file]%00