GuppY local file include directory traversal

guppy-file-include-directory-traversal (23319)

Risk level: Medium

Description:

GuppY could allow a remote attacker to traverse directories and execute arbitrary code or obtain sensitive information. If the register_globals_gpc setting is enabled, a remote attacker could send a specially-crafted URL request to multiple PHP scripts in the admin/inc directory containing "dot dot" sequences (/../), URL-encoded "dot dot" sequences, or URL-encoded NULL characters. This would allow the attacker to execute or view arbitrary files located on the vulnerable system with the privileges of the Web server process.

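The three input variants named in the description (plain "dot dot", URL-encoded "dot dot", and URL-encoded NULL bytes) are what a log-based detector should look for on an unpatched host. The following is an added example, not part of this advisory or of GuppY; the access-log lines are constructed for demonstration, and the script and parameter names are taken from the references below.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (Common Log Format). The admin/inc
# scripts and the "lng" parameter are those named in the advisory references.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Nov/2005:12:24:45 -0600] "GET /guppy/admin/inc/archbatch.php?lng=../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.5 - - [28/Nov/2005:12:24:46 -0600] "GET /guppy/admin/inc/dbbatch.php?lng=%2e%2e%2f%2e%2e%2fetc%2fpasswd%00 HTTP/1.1" 200 1843
203.0.113.5 - - [28/Nov/2005:12:24:47 -0600] "GET /guppy/admin/inc/nwlmail.php?lng=%252e%252e%252fconfig HTTP/1.1" 200 512
198.51.100.7 - - [28/Nov/2005:12:25:01 -0600] "GET /guppy/admin/inc/nwlmail.php?lng=fr HTTP/1.1" 200 512
198.51.100.7 - - [28/Nov/2005:12:25:02 -0600] "GET /guppy/index.php?pg=news HTTP/1.1" 200 9010
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e -> %2e -> .) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_value(raw):
    """Return a reason if the decoded parameter value looks like traversal, else None."""
    decoded = fully_decode(raw)
    if "\x00" in decoded:
        return "null byte"          # classic PHP include() string truncation attempt
    if re.search(r"(^|[\\/])\.\.([\\/]|$)", decoded):
        return "dot-dot traversal"  # covers ../ and ..\ at any position
    return None

def flag_traversal(log_text):
    """Return (script, parameter, reason) for every suspicious query parameter.

    Limitation: this sees only GET query strings; parameters sent in a POST
    body are not present in a standard access log."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        script = parts.path.rsplit("/", 1)[-1]
        # parse_qsl performs the first decoding round; classify_value does the rest.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            reason = classify_value(value)
            if reason:
                findings.append((script, name, reason))
    return findings
```

Detection of this kind only narrows exposure on hosts that cannot be fixed; the durable mitigation is to stop passing the parameter to include() and to map language codes through a fixed allowlist instead.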
Consequences:

Gain Access

Remedy:

No remedy available as of July 9, 2011.

References:

  • BugTraq Mailing List, Mon Nov 28 2005 - 12:24:45 CST: Guppy <= 4.5.9 Remote code execution.
  • GuppY Web site: GuppY.
  • BID-15610: GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
  • CVE-2005-3927: Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
  • SA17790: GuppY PHP Code Injection and Local File Inclusion Vulnerabilities
  • SECTRACK ID: 1015279: GuppY Input Validation Flaw in `error.php` Lets Remote Users Execute Arbitrary Code
  • VUPEN/ADV-2005-2635: GuppY Remote Code Execution and Directory Traversal Vulnerabilities

Platforms Affected:

  • FreeGuppy GuppY 4.5.9 and prior

Reported:

Nov 28, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net