|
Best Security Research |
|
» | netVigilance is an active contributor to nvd.nist.gov
|
» | Every vulnerability in our database is independently scored according to CVSS 2.0
|
» | Our Scoring is compared to nvd.nist.gov and inconsistencies are reported to the NVD team at NIST
|
» |
netVigilance is responsible for more than 400 changes to the National Vulnerability Database - more than anyone else.
|
» | Our Professional Services team will validate any vulnerability Scoring for you.
|
Fact: More than 15 vulnerabilities were discovered EVERY day of 2009
Description:
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
External References:
Mitre CVE: CVE-2004-0127
BUGTRAQ: 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Summary:
phpGedView is an open source system for online viewing of Gedcom information (family tree and genealogy information). Multiple PHP Code Injection vulnerabilities exist in the phpGedView product. They enable a malicious user to access any file
on the server.
Release Date:
January 29 2004
Severity:
High
SecureScout Testcase ID:
TC 17867 (released Feb 6th)
Vulnerable Systems:
phpGedView version 2.65.1 and prior
Vulnerability Type:
Directory Traversal - Allowing the Attacker to read any file on the Target Server via the .. (dot dot) Sequence.
Vendor Status:
The Vendor has been notified and has Released a Version 2.65.3 that fixes the problem
Example:
(HIGH Risk BUT user must be Admin)
- -- HTTP Request --
http://[target]/[phpGedView-directory]/editconfig_gedcom.php?gedcom_config=../../../../../../etc/passwd
or
http://[target]/[phpGedView-directory]/editconfig_gedcom.php
POSTDATA: gedcom_config=../../../../../../etc/passwd
- -- HTTP Request --
Code impacted : editconfig_gedcom.php
61:if (empty($gedcom_config)) {
62: if (!empty($_POST["gedcom_config"])) $gedcom_config = $_POST["gedcom_config"];
63: else $gedcom_config = "config_gedcom.php";
64:}
65:
66:require($gedcom_config);
The both GET/POST requests will work even if PHP register_globals is Off.
Credits:
Cedric Cochin - netVigilance Vulnerability Research team
Copyright©2004-2011, netVigilance, Inc. All rights reserved • Privacy Policy