• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPSlash URL Block Arbitrary File Disclosure Vulnerability

This sample exploit was provided by tobozo tagada <tobozo@iol.ie>:

Login as admin with GOD permissions
Access the BLOCKS admin section
(blockAdmin.php3) and
create a new block with the following information :

Title : notTrusted
Type : url
Site Location : whatever
Source URL : ./config.php3
Expire Length : 0
Owned by section : home
Data : (empty)
Order number : whatever

It will display the content of the config.php3 as text in
the block of the main page.

It might become an issue if blockAdmin.php3 gives
add/edit/remove permission to some users that are
not
supposed to access the filesystem.