«
»

Portili Products Multiple Vulnerabilities


Portili Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA37258
VERIFY ADVISORY: http://secunia.com/advisories/37258/
DESCRIPTION: Some vulnerabilities have been reported in Portili products, which can be exploited by malicious people to manipulate certain data, disclose system information, and conduct cross-site scripting attacks.
1) Input passed via the “original_path” and “name” parameters to ajaxfilemanager/ajax_save_name.php is not properly sanitised before being used to move files. This can be exploited to move arbitrary directories in the webroot of the application.
2) The “phpinfo.php” script is stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information (e.g. PHP configuration details) by requesting the file directly.
3) Input passed via the “view” parameter to ajaxfilemanager/ajaxfilemanager.php is not properly sanitised before being displayed to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
The vulnerabilities are confirmed in Portili Personal Wiki 1.14 and reported in Portili Team Wiki 1.14. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to the “phpinfo.php” script (e.g. via .htaccess).
PROVIDED AND/OR DISCOVERED BY: Abysssec Inc.
ORIGINAL ADVISORY: http://packetstormsecurity.org/0911-exploits/Portili-V1.14.txt
———————————————————————-

Dieser Beitrag wurde am Freitag 6. November 2009, 19:20 unter Bugs / Fehlermeldungen verfasst. Sie können alle Antworten auf diesen Beitrag nachverfolgen mit RSS 2.0. Sie können eine Antwort, oder einen Trackback von Ihrer eigenen Seite hinterlassen.

  1. Bisher keine Kommentare.

Sie müssen angemeldet sein, um einen Beitrag zu verfassen.