  [Announcement]   PLESK Filemanager.PHP Directory Traversal Vulnerability 25/09/2006 03:38:26 (+0700) | #1 | 25536
Quan Vân Trường
HVA Friend

Joined: 19/07/2002 10:13:30
Messages: 115
Location: 9:00PM-6:00AM
Vulnerable version: Plesk Plesk Reload 7.5, Plesk Plesk for Windows 7.6

Description:
PLESK is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Versions 7.5 Reload and prior, and 7.6 for Windows are vulnerable to this issue; other versions may also be affected.

Exploit:
Attackers may exploit this vulnerability via a web client.
An example URI has been provided:

https://www.example.com:8443/filemanager/filemanager.php?cmd=chdir&file=../

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Reportedly, the vendor has released fixes to address this issue. Symantec has not confirmed this.

Source: SecurityFocus (http://www.securityfocus.com/bid/20155) :wink: :wink:
Kernel Panic.
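For administrators who want to check whether the request shape quoted in the advisory has reached their panel, the following is an added example, not part of the original post or of Plesk's code. It scans web access-log lines for requests to `/filemanager/filemanager.php` whose `file` parameter resolves above its starting directory. It assumes a combined-format access log and that `file` is a path relative to the user's root; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Sep/2006:03:40:01 +0700] "GET /filemanager/filemanager.php?cmd=chdir&file=../ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Sep/2006:03:40:09 +0700] "GET /filemanager/filemanager.php?cmd=chdir&file=%252e%252e%252f HTTP/1.1" 200 4096',
    '203.0.113.20 - - [25/Sep/2006:03:41:12 +0700] "GET /filemanager/filemanager.php?cmd=chdir&file=httpdocs/images HTTP/1.1" 200 2048',
    '203.0.113.20 - - [25/Sep/2006:03:41:30 +0700] "GET /filemanager/filemanager.php?cmd=chdir&file=httpdocs/a/../b HTTP/1.1" 200 2048',
    '203.0.113.20 - - [25/Sep/2006:03:42:00 +0700] "GET /index.php?file=../ HTTP/1.1" 404 312',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET = "/filemanager/filemanager.php"  # script path from the advisory's example URI

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(file_param):
    """True if the path, after normalization, climbs above its starting directory."""
    # Assumption: 'file' is relative to the user's root. Backslashes are
    # treated as separators because the Windows build is listed as affected.
    path = fully_decode(file_param).replace("\\", "/")
    normalized = posixpath.normpath(path)
    return normalized == ".." or normalized.startswith("../")

def suspicious_requests(lines):
    """Return the log lines that target the file manager with an escaping 'file' value."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != TARGET:
            continue
        values = parse_qs(url.query, keep_blank_values=True).get("file", [])
        if any(escapes_root(v) for v in values):
            hits.append(line)
    return hits
```

Normalizing the path before testing it keeps legitimate values such as `httpdocs/a/../b` from being flagged, while the double-encoded form of `../` is still caught.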
  [Question]   Re: PLESK Filemanager.PHP Directory Traversal Vulnerability 25/09/2006 05:41:34 (+0700) | #2 | 25560
DaoDuyHieu
HVA Friend

Joined: 14/04/2004 00:32:37
Messages: 200
Location: MICROSOFT
Credit: GuanYu is credited with the discovery of this vulnerability. 

Great hopes make great men