Back to list
HTB22827: File Content Disclosure in Wikipad
Feb 15 2011 11:11AM
advisory htbridge ch
Re: HTB22827: File Content Disclosure in Wikipad
Apr 29 2011 05:02AM
security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22827
: Reference: http://www.htbridge.ch/advisory/file_content_disclosure_in_wikipad.html
: Vulnerability Type: File Content Disclosure
: Risk level: Low
: Vulnerability Details:
: The vulnerability exists due to failure in the "/pages.php" script to properly sanitize user-supplied input in "id" variable. We can disclose content of ".txt" files on file system.
: The following PoC is available:
So you can dump the contents of an arbitrary file, presumably outside the
web root, and this is 'Low' severity? Ok, perhaps authentication is
required or something else makes it a bit tricky..
: Also, we can change content of this file by using PoC:
: <form action="http://host/pages.php?action=edit&id=./../../../../../txt_file&t
itle=test" method="post" name="main">
: <input type="hidden" name="data[text]" value='new content"><script>alert(document.cookie)</script>'>
Now you can *edit* any file on the system, and this is 'Low' severity?
Worse, you throw in some script code instead of editing something a bit
more serious like editing a system startup file, passwd or some other form
of remote access?
At the very least, this would be 'Medium' by most standards.
[ reply ]
Copyright 2010, SecurityFocus